You are hereJAAS plugin for Shibboleth

JAAS plugin for Shibboleth


By mehow - Posted on 23 September 2012

Recently I had to write JAAS Login module for Shibboleth Identity Provider.

Tagish JAAS Login Module served as a base for my modifications. My database
contains no role table so I changed query in source to reflect this structure.

Problem I had, was the "Invalid column name 'username'." message when
I was 100% sure that such column is in my table. But because it was used in WHERE condition
but not returned by SELECT, my query was failing.

Another problem I had was with validateUser method from Tagish module.
It expects String username and char password[] as parameters and then
uses equals method from String object to compare them. And verfication was failing constantly
because it was String password from database against Char password from login
form. After converting it to String object the result of comparison worked
as should.

Changes in Shibboleth config files

login.config:

ShibUserPassAuth {
com.tagish.auth.DBLogin required
        dbDriver="com.microsoft.sqlserver.jdbc.SQLServerDriver"
        dbURL="jdbc:sqlserver://myserver:1433;databaseName=mydatabase;user=myuser;password=mypassword"
        userTable="Users"
        userColumn="Username"
        passColumn="password";

};

Login handlers from handlers.xml, RemoteUser got commented out and UsernamePassword
enabled:

<!--
<LoginHandler xsi:type="RemoteUser">
	<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
</LoginHandler>
-->
<LoginHandler xsi:type="UsernamePassword" jaasConfigurationLocation="file:///usr/local/idp/conf/login.config">
	<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
</LoginHandler>