Applies to: Centrify DirectControl Web plugin for J2EE on Jboss
Why is setting "force authentication" to false in centrifydc_fs.xml still forcing authentication for ADFS web applications?
The log still shows:
[com.centrify.fs.SamlAgent] (http%2F192.168.3.230-8443-1) Force Auth attribute is true.
If <auth-constraint> is defined in web.xml, then J2EE will use this file to decide whether to perform authentication.
Therefore, force-auth will always be true and the "forceAuth" setting in centrifydc_fs.xml will be ignored.
Following entries can be found in the log:
[com.centrify.fs.tomcat.SamlAuthenticator] Auth constraint found, enforcing auth first.
[com.centrify.fs.SamlAgent] Force Auth attribute is true.
This is expected and unavoidable.
For details please refer to our sample apps, “adfs-claims-aware” and “adfs-ordering”.