I will assume that you want a login form that takes username/password and Tomcat is configured to request a client certificate for the CAS /login URI. (This is the only way I can imagine you're getting both the LDAP bind credentials and cert simultaneously.)
Here is my recommendation for how to proceed:

1. Create a subclass of UsernamePasswordCredentials that contains both a username/password and the X509Certificate credential.
2. Create an instance of CredentialsBinder that creates your custom credentials class above. The binder has access to the HttpServletRequest, so you will have convenient access to the javax.servlet.request.X509Certificate attribute that contains any certificates.
3. Modify the authenticationViaFormAction bean in cas-servlet.xml:
   A. credentialsBinder=YourCredentialsBinder
   B. formObjectClass=YourUsernamePasswordCredentials
4. Create a subclass of BindLdapAuthenticationHandler that does both the LDAP bind and subsequent X.509 DN validation and register it to handle credentials of type UsernamePasswordCredentials.

The LDAP bind handler should fire naturally since you are supplying an instance of UsernamePasswordCredentials (your custom class). You shouldn't need to modify the Webflow at all from the default since you don't want the x509Check action, which will short-circuit username/password handlers.

Hope that helps,
Marvin
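
Added example, not part of the message above and not CAS code: a JDK-only helper that the binder in step 2 and the handler in step 4 could call. The class and method names are hypothetical, and it assumes "X.509 DN validation" means the certificate subject must equal the DN of the LDAP entry that was bound.

```java
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;

/** Hypothetical helper for illustration; not a CAS class. */
public final class ClientCertDnCheck {

    /** Request attribute named in step 2; the container sets it to an X509Certificate[]. */
    public static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    private ClientCertDnCheck() {}

    /**
     * Step 2: pass in request.getAttribute(CERT_ATTRIBUTE). Returns the client's
     * own certificate (index 0 of the chain), or null if none was presented.
     */
    public static X509Certificate clientCertificate(Object attribute) {
        if (attribute instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) attribute;
            return chain.length > 0 ? chain[0] : null;
        }
        return null;
    }

    /**
     * Step 4, after the LDAP bind has succeeded: true only if the certificate
     * subject is the same DN as the bound entry (assumed policy). Fails closed.
     */
    public static boolean subjectMatches(X509Certificate cert, String boundLdapDn) {
        if (cert == null || boundLdapDn == null) {
            return false; // no certificate or no DN: reject
        }
        try {
            // Parse both sides so case and spacing differences do not matter;
            // a plain String.equals on DN strings is fragile.
            LdapName subject = new LdapName(
                    cert.getSubjectX500Principal().getName(X500Principal.RFC2253));
            return subject.equals(new LdapName(boundLdapDn));
        } catch (InvalidNameException e) {
            return false; // unparseable DN: reject
        }
    }
}
```

Because the webflow keeps the form-based path, a request with no client certificate still reaches the handler; returning false for a null certificate is what keeps the second factor mandatory.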
