We previously used LDAP authentication. In that setup, we had a password box that would accept user input and if the user was manual or ldap, they would login from that box.
When we switched to shibboleth and disabled the ldap authentication, I expected the configuration to more or less follow the same options - you enter name & password, hit enter and be logged in. However, by default, none of the shibboleth logins would work at that box -- I'm directed to the invalid login dialog.
So, I changed the alternateloginurl to be /auth/shibboleth/index.php (the apache config had that file protected by shibboleth). Now, when people login, if they're not in the manual category, they get directed to the authentication website to login; granted, they only have to do this once per session.
I'm wondering if this is the intended operation? Ideally, we would have the information from the login box directed to the shibboleth agent without being directed to a different website.
And, it's not clear to me how to use shibboleth and another authentication method since we need to modify alternateloginurl to get anything to work.