I have been viewing the posts associated with the X509 resolvers and have not
been able to figure out why I am having issues trying to get the CAS to
authenticate users via client certs from a CAC. Should I be able to
authenticate directly to CAS and get the "Log In Successful" page?
Apache Tomcat 7 has been modified to request client certs. I think I have
followed the URL https://wiki.jasig.org/display/CASUM/X.509+Certificates
fully except for using a different Credentials to Principal Resolver
(X509CertificateCredentialsToSubjectPrinciplalResolver). Here are the config
files I have modified per the URL:

*login-webflow.xml*

<flow xmlns="http://www.springframework.org/schema/webflow"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/webflow
                          http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">

    <var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
    <on-start>
        <evaluate expression="initialFlowSetupAction" />
    </on-start>

    <decision-state id="ticketGrantingTicketExistsCheck">
        <if test="flowScope.ticketGrantingTicketId != null" then="hasServiceCheck" else="gatewayRequestCheck" />
    </decision-state>

    <decision-state id="gatewayRequestCheck">
        <if test="requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null" then="gatewayServicesManagementCheck" else="generateLoginTicket" />
    </decision-state>

    <decision-state id="hasServiceCheck">
        <if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" />
    </decision-state>

    <decision-state id="renewRequestCheck">
        <if test="requestParameters.renew != '' and requestParameters.renew != null" then="startAuthenticate" else="generateServiceTicket" />
    </decision-state>

    <decision-state id="warn">
        <if test="flowScope.warnCookieValue" then="showWarningView" else="redirect" />
    </decision-state>

    <action-state id="startAuthenticate">
        <evaluate expression="x509Check" />
        <transition on="success" to="sendTicketGrantingTicket" />
        <transition on="warn" to="warn" />
        <transition on="error" to="generateLoginTicket" />
    </action-state>
......

</flow>

*deployerConfigContext.xml*

*Credentials to Principal Resolver*

<bean class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSubjectPrinciplalResolver">
    <property name="descriptor" value="$CN" />
</bean>

*AuthenticationHandler*
<bean class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
    <property name="trustedIssuerDnPattern" value="OU = something,OU = something,O = something,C =something.+" />
</bean>


Just not sure where I am going wrong. Maybe I have something misconfigured.
Can someone point me in the correct direction?

Thanks
 



--
View this message in context: 
http://jasig.275507.n4.nabble.com/CAS-3-5-X509CertificateCredentialsToSubjectPrinciplalResolver-not-resolving-Certificate-tp4657099.html
Sent from the CAS Developers mailing list archive at Nabble.com.
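
One way to test a trustedIssuerDnPattern value offline before deploying it, as an added example that is not part of the original post and is not CAS code. It assumes the handler requires the pattern to match the complete issuer DN string; the issuer DN and the candidate patterns are constructed.

```java
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class IssuerDnPatternCheck {

    // Assumption: the pattern has to match the complete issuer DN string
    // (Matcher.matches()), not merely occur somewhere inside it (Matcher.find()).
    static boolean fullMatch(String regex, String dn) {
        return Pattern.compile(regex).matcher(dn).matches();
    }

    static boolean partialMatch(String regex, String dn) {
        return Pattern.compile(regex).matcher(dn).find();
    }

    public static void main(String[] args) {
        // Constructed issuer DN for illustration; not taken from the original post.
        X500Principal issuer = new X500Principal(
                "CN=Example CA 1, OU=PKI, OU=Example Unit, O=Example Org, C=US");

        // The same DN rendered three ways; separators and spacing differ.
        String[][] renderings = {
            {"toString()", issuer.toString()},
            {"RFC2253", issuer.getName(X500Principal.RFC2253)},
            {"RFC1779", issuer.getName(X500Principal.RFC1779)},
        };

        // Constructed candidate patterns.
        String[] patterns = {
            "CN=Example CA \\d+, OU=PKI, OU=Example Unit, O=Example Org, C=US",
            "CN = Example CA \\d+, OU = PKI, .+",      // spaces around '='
            "OU=PKI.+",                                 // leading RDN left out
            "CN\\s*=\\s*Example CA \\d+\\s*,\\s*OU\\s*=\\s*PKI\\s*,.+", // spacing-tolerant
        };

        for (String regex : patterns) {
            System.out.println("pattern: " + regex);
            for (String[] r : renderings) {
                System.out.printf("  %-10s full=%-5b partial=%-5b  %s%n",
                        r[0], fullMatch(regex, r[1]), partialMatch(regex, r[1]), r[1]);
            }
        }
    }
}
```

To use it on a real deployment, replace the constructed DN with the issuer DN of the client certificate (for example as shown by `keytool -printcert -file`) and the patterns with the exact value from deployerConfigContext.xml.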
