Return-Path: <users-return-262369-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 3380D200497
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed, 23 Aug 2017 22:07:14 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 303E6161F2F; Wed, 23 Aug 2017 20:07:14 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 769AB161EC1
	for <archive-asf-public@cust-asf.ponee.io>; Wed, 23 Aug 2017 22:07:13 +0200 (CEST)
Received: (qmail 7632 invoked by uid 500); 23 Aug 2017 20:07:11 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 7621 invoked by uid 99); 23 Aug 2017 20:07:11 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Aug 2017 20:07:11 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 24B90C80AC
	for <users@tomcat.apache.org>; Wed, 23 Aug 2017 20:07:11 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.999
X-Spam-Level: 
X-Spam-Status: No, score=0.999 tagged_above=-999 required=6.31
	tests=[KAM_LAZY_DOMAIN_SECURITY=1, SPF_HELO_PASS=-0.001]
	autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id tZIx0-LuNLoq for <users@tomcat.apache.org>;
	Wed, 23 Aug 2017 20:07:09 +0000 (UTC)
Received: from mailbox.servedge.com (li1281-212.members.linode.com [45.79.182.212])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id D7CCB5F245
	for <users@tomcat.apache.org>; Wed, 23 Aug 2017 20:07:08 +0000 (UTC)
Received: (qmail 9117 invoked by uid 513); 23 Aug 2017 15:07:07 -0500
Received: from pool-173-66-116-184.washdc.fios.verizon.net (HELO Christophers-iMac.local) (chris@christopherschultz.net@173.66.116.184)
  by mailbox.servedge.com with AES128-SHA encrypted SMTP; 23 Aug 2017 15:07:07 -0500
Subject: Re: Multiple authentication methods? Fallback from keycloak saml to
 basic/form auth?
To: users@tomcat.apache.org
References: <CAAqgmoOrBdTn4Ea0yOGJwQA04VTHSmOuS8qFYYzFwWB-VM2nCA@mail.gmail.com>
From: Christopher Schultz <chris@christopherschultz.net>
Message-ID: <5a0ddc15-0777-8535-5469-9cb555160dda@christopherschultz.net>
Date: Wed, 23 Aug 2017 16:07:07 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <CAAqgmoOrBdTn4Ea0yOGJwQA04VTHSmOuS8qFYYzFwWB-VM2nCA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
archived-at: Wed, 23 Aug 2017 20:07:14 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ken,

On 8/23/17 10:51 AM, ken edward wrote:
> I have tomcat value for authentication implemented and working 
> (keycloak saml tomcat adapter). but how can I implement a fallback 
> to form/basic authentication? Can I chain auth valves?

You can write a Valve that chains two Valves together, and use that.

However, you may find that getting two separate authenticator valves
to work "with" one another, even if they both work very well separately.

If it were me, I'd always use a separate URL endpoint for SAML
authentications, with that endpoint doing it's work without any
separate authentication, and calling
HttpServletRequest.login(user,password). Then use FORM login for
everyone else.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZneBrAAoJEBzwKT+lPKRY5UgQAInZW88/HuijEuy4rPODWOhn
YMsNBwJ3A3QyjY0cJIrcwIraZn26DGF5zdVJUFOoWesaYz5vTkXLK4GENXOL/l5u
Z/hH4h0fwGZRe6/VoiVyF06M+cDB62Jr9xNAMm8ryk1nTqlwQBArY0EQGlnIbcRB
qa2vqc9SoCALFImIQc/0KKs0dR+QK48tffVMUAPtVUlS2ptyJ/oGoyMnIOrh2KPq
WzgRcgHDOJlnHiY7oD9N5Ylv2EO6Xcph2ol5YtxYi1mX0Hy+jsqJeO4OhRqL6Hf6
OevdENk/qEq4Z554aR6sgZHh2HFGpaezJ/64KvU/uBLfnb7HTJAPzU0FhM3mHU/g
w7awTXaKx/aFBLnkYEwq84+RbJ6Sg89xohdYt6QSQQLBk1w0rMSxWRZTR8mgHCqT
jX9797KW9ImwBGEmEDsThRWHz+g4060vDpAb6YbDF7LSyMabQXuaiqVEYeA9HMJs
bIR6hn6mSlZ1SroUbvJ9/JaPqWAWEyjEmPC8ewnLwMJL/+gC6PfQPhvT8k4cSgjd
dBXFN45YB7CXMpIgl0fNufbdhPnsfkNVGOqFWemKQqn1I9UrHxBFkSpYZLBw0aTo
6Ezcdy8UqFrQw8OttS3qgz6RWhrOUBKIJCF0HDLs/hZii0Rx73IaS9T4BdupnlkM
9jTmGhzMIhcIYE4Abmox
=GlYF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org