By: Zach Tubb user 21 Sep 2017 at 5:09 p.m. CDT

8 Responses
We've been experimenting with the custom interception scripts and have had some success firing them off correctly when logging into the Gluu web GUI. We modified the 'basic' script to print some things and set it as the Default Authentication method. Our print statements show up in the log when signing directly into Gluu. However, we also have an SP that redirects to our Gluu instance as the IdP for SAML SSO. When using our SP SAML SSO login link, we get redirected back to the Gluu sign-on page, but it doesn't look like our 'basic' script is being applied now. Is there a way to force the SAML flow to use the default auth method as well?

By Michael Schwartz Account Admin 21 Sep 2017 at 5:38 p.m. CDT

SAML always defaults to one default authn script:

![Default Authn Mode](https://ox.gluu.org/lib/exe/fetch.php?t=1506033370&w=500&h=308&tok=0fa2bd&media=default_authn_mode.jpg)

Using an OpenID Connect client, you can use the `acr_values` parameter to specify the name of any script. There is a [feature request](https://github.com/GluuFederation/oxShibboleth/issues/15) to make SAML more flexible.
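The `acr_values` route Michael describes is only half of the picture for a relying party: the client asks for a script by name, and it should then confirm from the `acr` claim of the signed ID token that the IdP actually ran that script rather than falling back to another method. The following is an added example written for this thread, not code from Gluu or from the original posters; the issuer, endpoint path, client ID, redirect URI and the sample ID-token claims are all constructed assumptions.

```python
"""Request a named Gluu authentication script via OIDC acr_values and
verify the returned ID token reports the same acr.

Added example, not from the thread. ISSUER, AUTHZ_ENDPOINT, CLIENT_ID and
REDIRECT_URI are hypothetical values for an imaginary deployment.
"""
import secrets
import time
import urllib.parse

# Hypothetical deployment values (assumptions, not taken from the thread).
ISSUER = "https://idp.example.com"
AUTHZ_ENDPOINT = ISSUER + "/oxauth/restv1/authorize"
CLIENT_ID = "1001.example-client"
REDIRECT_URI = "https://sp.example.com/oidc/callback"


def build_authorization_url(acr, state=None, nonce=None):
    """Build an authorization-code request that asks the IdP to run the
    custom script whose name is `acr` (e.g. "basic").  state and nonce
    are generated if not supplied; the caller must remember both."""
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "acr_values": acr,   # name of the interception script to use
        "state": state,
        "nonce": nonce,
    }
    return AUTHZ_ENDPOINT + "?" + urllib.parse.urlencode(params), state, nonce


def requested_acr(url):
    """Extract the acr_values parameter back out of a request URL."""
    query = urllib.parse.urlparse(url).query
    return urllib.parse.parse_qs(query).get("acr_values", [None])[0]


def check_id_token_claims(claims, expected_acr, expected_nonce, now=None):
    """Validate the claims of an ID token whose signature has ALREADY been
    verified by the client's JWT library.  Returns (ok, reason).

    The acr check is the one specific to this thread: if the IdP did not
    run the requested script, the claim will name a different acr (or be
    missing), and the login must be rejected as a downgrade."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch"
    if claims.get("acr") != expected_acr:
        return False, "acr mismatch: requested %r, token has %r" % (
            expected_acr, claims.get("acr"))
    return True, "ok"


if __name__ == "__main__":
    url, state, nonce = build_authorization_url("basic")
    print("redirect the browser to:", url)
    # Constructed sample claims standing in for a decoded, signature-verified ID token.
    sample = {"iss": ISSUER, "aud": CLIENT_ID, "exp": time.time() + 300,
              "nonce": nonce, "acr": "basic", "sub": "zach"}
    print(check_id_token_claims(sample, "basic", nonce))
```

The `acr` comparison is the step most clients skip: without it, an IdP that silently falls back to its default method (as the SAML flow in this thread does) would still produce a token the client accepts.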

By Aliaksandr Samuseu staff 21 Sep 2017 at 8:38 p.m. CDT

Hi, Zach. If you just need your SAML flows to use your default authentication method, that should be possible. What are your current settings on the "Default authentication methods" tab (the one shown in Michael's screenshot above)?

By Zach Tubb user 22 Sep 2017 at 7:49 a.m. CDT

Hi guys, current settings are to use 'basic' for both. However, we modified the default 'basic' auth script. When logging directly into oxTrust we see those modifications being applied. But when logging in via the SP through the SAML trust relationship, those changes aren't applied. Do you know why the SAML flow wouldn't pick up that change to the 'basic' script?

Zach

By Zach Tubb user 22 Sep 2017 at 7:51 a.m. CDT

![Screenshot](https://i.imgur.com/bwaQGnN.png)

By Aliaksandr Samuseu staff 22 Sep 2017 at 8:33 a.m. CDT

> Do you know why SAML flow wouldn't pick up that change to 'basic' script?

It should use it, if it's set as Default. I'll try to test it with the "stock" basic auth script, but could you provide your script as well, just in case?

By Zach Tubb user 22 Sep 2017 at 8:37 a.m. CDT

Thanks Aliaks, appreciate you looking into it. Here is our modified basic script we're testing out:

```python
# oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
# Copyright (c) 2016, Gluu
#
# Author: Yuriy Movchan
#

from javax.faces.context import FacesContext
from org.xdi.service.cdi.util import CdiUtil
from org.xdi.oxauth.security import Identity
from org.xdi.model.custom.script.type.auth import PersonAuthenticationType
from org.xdi.oxauth.service import AuthenticationService
from org.xdi.util import StringHelper

import java


class PersonAuthentication(PersonAuthenticationType):
    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis

    def init(self, configurationAttributes):
        print "Basic. Initialization"
        print "Basic. Initialized successfully"
        return True

    def destroy(self, configurationAttributes):
        print "Basic. Destroy"
        print "Basic. Destroyed successfully"
        return True

    def getApiVersion(self):
        return 1

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        return True

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        return None

    def authenticate(self, configurationAttributes, requestParameters, step):
        authenticationService = CdiUtil.bean(AuthenticationService)

        if (step == 1):
            print "Basic. Authenticate for step 1***********"

            facesContext = CdiUtil.bean(FacesContext)
            externalContext = facesContext.getExternalContext()
            request = externalContext.getRequest()

            identity = CdiUtil.bean(Identity)
            credentials = identity.getCredentials()

            # Username comes from a request header set upstream (the "apache_name"
            # header), not from the login form; the header value is trusted as-is.
            user_name = externalContext.getRequestHeaderMap().get("apache_name")
            user_password = credentials.getPassword()
            print "Attempting to authenticate: %s" % (user_name)

            logged_in = False
            if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
                # Single-argument authenticate(): the user is looked up by name only;
                # the password is checked for non-emptiness above, not verified.
                logged_in = authenticationService.authenticate(user_name)
            print "Authenticated: %s" % (logged_in)

            if (not logged_in):
                return False

            return True
        else:
            return False

    def prepareForStep(self, configurationAttributes, requestParameters, step):
        facesContext = CdiUtil.bean(FacesContext)
        externalContext = facesContext.getExternalContext()
        request = externalContext.getRequest()

        if (step == 1):
            print "Basic. Prepare for Step 1++++++++++++++"
            user_name = externalContext.getRequestHeaderMap().get("apache_name")
            print "Custom username header: %s" % (user_name)
            return True
        else:
            return False

    def getExtraParametersForStep(self, configurationAttributes, step):
        return None

    def getCountAuthenticationSteps(self, configurationAttributes):
        return 1

    def getPageForStep(self, configurationAttributes, step):
        return ""

    def logout(self, configurationAttributes, requestParameters):
        return True
```

I also noticed that in Michael's screenshot the labels for those default auth form fields are different from ours. I thought I had pulled the latest stable 3.1.0 build, but maybe I'm behind?

By Aliaksandr Samuseu staff 22 Sep 2017 at 9:53 a.m. CDT

Thanks, will check it in a few days.

> I also noticed that in Michael's screenshots the labels for those default auth form fields are different than ours. I thought I had pulled the latest stable 3.1.0 build but maybe I'm behind?

I'm not sure what Michael's package version is; it could be older than 3.1, or it could be the devel 3.1.1 package (not yet released).

By Zach Tubb user 22 Sep 2017 at 1:33 p.m. CDT

After restarting the oxAuth service, SAML seems to be picking up the modded script now as well. Sorry for the bother, guys, and thanks for the support!