Enabling Both Local and SSO Authentication


You have set up SAML2 SSO authentication using the guidance within the Xinet Documentation, but find that you can no longer log in with local users, such as the built-in 'nativeadmin' user. You want a method for allowing both the local and SSO authentication for your Xinet site.



By design, the Xinet SSO authentication configuration steps will replace the standard authentication entirely with the suggested Mellon authentication module. 

As a workaround, you can assign two unique IP Addresses to your server and define two Virtual Host entries for each of your authentication methods within your Apache config's Virtual Hosts section. One of the IP addresses will be able to use the local authentication, while the other can use your SSO SAML authentication.

You can find attached an example snippet of two VirtualHost entries that you can use as a template for adjusting your /etc/httpd/conf/httpd.conf to accomplish this Apache customization. You will need to at minimum make the following adjustments before including these within your httpd.conf:

  • Replace xxx.xxx.xxx.xx1 with the IP you want to use for Basic Local Authentication
  • Replace xxx.xxx.xxx.xx2 with the IP you want to use for SSO SAML Authentication
Note: As this behavior is not intended, our ability to support this customization is limited. Please consider speaking with your System Admin for assistance with implementing this within your environment.




Please sign in to leave a comment.