Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2994: Why is setting "force authentication" to false in centrifydc_fs.xml still forcing authentication for ADFS web applications?

Centrify DirectControl ,   Centrify DirectControl Plugins ,  

12 April,16 at 11:10 AM

Applies to: Centrify DirectControl Web plugin for J2EE on Jboss

Question:

Why is setting "force authentication" to false in centrifydc_fs.xml still forcing authentication for ADFS web applications?

centrifydc_fs.xml:

<CentrifydcFS forceAuth="false">


The log still shows:

[com.centrify.fs.SamlAgent] (http%2F192.168.3.230-8443-1) Force Auth attribute is true.


Answer:

If <auth-constraint> is defined in web.xml, then J2EE will use this file to decide whether to perform authentication.

Therefore, force-auth will always be true and the "forceAuth" setting in centrifydc_fs.xml will be ignored.

Following entries can be found in the log:

[com.centrify.fs.tomcat.SamlAuthenticator] Auth constraint found, enforcing auth first.
[com.centrify.fs.SamlAgent] Force Auth attribute is true.


This is expected and unavoidable.
 
For details please refer to our sample apps, “adfs-claims-aware” and “adfs-ordering”.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.