Additional configuration for Username/Password authentication
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 2 Aug 2007 14:52:10 +0000 (14:52 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 2 Aug 2007 14:52:10 +0000 (14:52 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2327 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/WEB-INF/web.xml
resources/conf/handler.xml
resources/conf/login.config [new file with mode: 0644]
resources/webpages/login.jsp

index caa1086..20bcd60 100644 (file)
         <servlet-name>RemoteUserAuthHandler</servlet-name>
         <url-pattern>/Authn/RemoteUser</url-pattern>
     </servlet-mapping>
+    
+    <!-- Servlet for doing Username/Password authentication -->
+    <servlet>
+        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
+        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
+        <url-pattern>/Authn/UserPassword</url-pattern>
+    </servlet-mapping>
 
     <security-constraint>
         <display-name>Shibboleth IdP</display-name>
         <web-resource-collection>
-            <web-resource-name>remote user authentication</web-resource-name>
+            <web-resource-name>user authentication</web-resource-name>
             <url-pattern>/Authn/RemoteUser</url-pattern>
+            <url-pattern>/Authn/UserPassword</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
         </web-resource-collection>
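Review bot: Adding `/Authn/UserPassword` to the existing `<web-resource-collection>` puts the login servlet under the same `<auth-constraint>` (`<role-name>*</role-name>`, visible in the next hunk) as `/Authn/RemoteUser`, so the container would presumably demand an already-authenticated user before the servlet can collect the username and password. A separate `<security-constraint>` for this URL that carries only the `CONFIDENTIAL` transport guarantee, as sketched below, keeps the TLS requirement without the role check. Separately, because the collection lists only `GET` and `POST` as `<http-method>`, requests using any other method fall outside the constraint; omitting the `<http-method>` elements makes it apply to every method. The enclosing `<security-constraint>` continues past the end of this hunk.

```xml
<!-- separate constraint: TLS required, no container-managed authentication -->
<security-constraint>
    <display-name>Shibboleth IdP username/password login</display-name>
    <web-resource-collection>
        <web-resource-name>username/password authentication</web-resource-name>
        <url-pattern>/Authn/UserPassword</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```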
@@ -79,7 +91,7 @@
             <role-name>*</role-name> 
         </auth-constraint>
         <user-data-constraint>
-            <transport-guarantee>INTEGRAL</transport-guarantee>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
     </security-constraint>
     
index 5e0944c..d966c54 100644 (file)
     <AuthenticationHandler xsi:type="RemoteUser">
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
     </AuthenticationHandler>
+    
+    <AuthenticationHandler xsi:type="UsernamePassword" 
+                           jaasConfigurationLocation="file://$IDP_HOME/conf/login.confg">
+        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
+    </AuthenticationHandler>
 
 </ProfileHandlerGroup>
\ No newline at end of file
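Review bot: The `jaasConfigurationLocation` value on the new `UsernamePassword` handler ends in `login.confg`, but the file this commit adds is `resources/conf/login.config`, so the handler points at a file that does not exist. It should read `jaasConfigurationLocation="file://$IDP_HOME/conf/login.config"`. If the JAAS configuration cannot be loaded, username/password logins will presumably fail only at runtime, which makes the mismatch easy to miss at deploy time.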
diff --git a/resources/conf/login.config b/resources/conf/login.config
new file mode 100644 (file)
index 0000000..021317b
--- /dev/null
@@ -0,0 +1,8 @@
+ShibUserPassAuth {
+   edu.vt.middleware.ldap.jaas.LdapLoginModule required
+      host="ldap.example.org"
+      base="ou=people,dc=example,dc=org"
+      ssl="true"
+      userField="uid"
+   ;
+};
\ No newline at end of file
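Review bot: The new `ShibUserPassAuth` entry has no comment saying that `ldap.example.org` and `ou=people,dc=example,dc=org` are placeholders, or that `ssl="true"` is what protects the user's password on the hop from the IdP to the directory. A short header such as `// Example only: set host and base for your directory; keep ssl="true" so passwords are not sent to LDAP in clear text` would make that explicit for deployers. With `ssl="true"` the JVM presumably also has to trust the LDAP server's certificate, which deserves a second comment line.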
index 0ded682..4d27527 100644 (file)
@@ -1,7 +1,7 @@
 <html>
 
        <body>
-               <form method="POST" action="${login.endpoint}">
+               <form method="POST" action="/Authn/UserPassword">
                        <input name="j_username" type="text" tabindex="1" />
                        <input name="j_password" type="password" tabindex="2" />
                        <button tabindex="3"/>
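Review bot: The new `action="/Authn/UserPassword"` is resolved against the server root, so it only reaches the servlet when the IdP web application is deployed at the root context. Under any other context path (for example `/idp`) the browser would post the username and password to a different URL on the same host. Prefixing the context path keeps the target inside this application: `<form method="POST" action="<%= request.getContextPath() %>/Authn/UserPassword">`. The form continues past the end of this hunk.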