I stress Marvin's warning. In our setup we have two different authentication methods, Active Directory and a home-grown authentication. The problem is that we cannot ensure globally unique identifiers across the two. I solved the problem by writing a custom CredentialsToPrincipalResolver for each and an AuthenticationHandler for our custom authentication. In our setup, different authentication methods get different login pages. Each pages uses different Credentials objects (though they both inherit from UsernamePasswordCredentials) so the CredentialsToPrincipalResolver can choose the correct AuthenticationHandler. This avoids problems when two different people have the same username in each authentication store. Because of this, we don't do fall-through authentication.
As others have posted, I too wrote custom CredentialsToPrincipalResolver On Thu, May 19, 2011 at 7:15 AM, Georges Rossopoulos <[email protected]> wrote: > Hello, > > I'm fairly new to CAS, but already got 3.4.7 up and running > on a clean debian distribution, using the JDBC authentication handler. > > In addition to this method, I would need my CAS to use a WEB service > to authenticate a separate users population. > > I've seen posts on how to add new authentication handlers, > but if anyone has already implemented one with a WEB service, > I'd be more than happy to share ! > > Cheers > Georges > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
