There are 4 jaas flags. (a) Sufficient - If this succeeds, no other module down the chain is invoked. Login succeeds (b) required -- This must succeed for overall authentication to succeed. If it fails control is passed to other module in the chain (c) requisite -- This must succeed. If it fails, control is not passed down the chain (d) Optional -- Well can pass/fail.
Try as follows :-
Thanks for the reply. However, that configuration doesn't do what I want:
In this situation:
I want the authentication process to pass. But as LdapModule2 is required, the overall result is fail.
Also, I want:
As far as I understand, there is no configuration that could do that. The problem is the ClientModule that always passes, even though it doesn't do any real authentication. I think it would be more sensible if ClientModule always returned 'fail', then we could flag it as 'optional'.