tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Multiple authentication methods? Fallback from keycloak saml to basic/form auth?
Date Wed, 23 Aug 2017 20:07:07 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ken,

On 8/23/17 10:51 AM, ken edward wrote:
> I have tomcat value for authentication implemented and working 
> (keycloak saml tomcat adapter). but how can I implement a fallback 
> to form/basic authentication? Can I chain auth valves?

You can write a Valve that chains two Valves together, and use that.

However, you may find that getting two separate authenticator valves
to work "with" one another, even if they both work very well separately.

If it were me, I'd always use a separate URL endpoint for SAML
authentications, with that endpoint doing it's work without any
separate authentication, and calling
HttpServletRequest.login(user,password). Then use FORM login for
everyone else.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZneBrAAoJEBzwKT+lPKRY5UgQAInZW88/HuijEuy4rPODWOhn
YMsNBwJ3A3QyjY0cJIrcwIraZn26DGF5zdVJUFOoWesaYz5vTkXLK4GENXOL/l5u
Z/hH4h0fwGZRe6/VoiVyF06M+cDB62Jr9xNAMm8ryk1nTqlwQBArY0EQGlnIbcRB
qa2vqc9SoCALFImIQc/0KKs0dR+QK48tffVMUAPtVUlS2ptyJ/oGoyMnIOrh2KPq
WzgRcgHDOJlnHiY7oD9N5Ylv2EO6Xcph2ol5YtxYi1mX0Hy+jsqJeO4OhRqL6Hf6
OevdENk/qEq4Z554aR6sgZHh2HFGpaezJ/64KvU/uBLfnb7HTJAPzU0FhM3mHU/g
w7awTXaKx/aFBLnkYEwq84+RbJ6Sg89xohdYt6QSQQLBk1w0rMSxWRZTR8mgHCqT
jX9797KW9ImwBGEmEDsThRWHz+g4060vDpAb6YbDF7LSyMabQXuaiqVEYeA9HMJs
bIR6hn6mSlZ1SroUbvJ9/JaPqWAWEyjEmPC8ewnLwMJL/+gC6PfQPhvT8k4cSgjd
dBXFN45YB7CXMpIgl0fNufbdhPnsfkNVGOqFWemKQqn1I9UrHxBFkSpYZLBw0aTo
6Ezcdy8UqFrQw8OttS3qgz6RWhrOUBKIJCF0HDLs/hZii0Rx73IaS9T4BdupnlkM
9jTmGhzMIhcIYE4Abmox
=GlYF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message