It seems I don't understand your issue.

Andy Cowling wrote:
> 4. We use a webflow that first executes the X509Check - and then if
> successful, passes the user to the login form. Invalid cert users
> do not see the login form.

If you already successfully authenticated the user via X509Check why do you present a login form?

> 5. In the login form authentication handler the certificate is made
> available (yet),

What does "the certificate is made available" mean?

> but the username (and password) from the login
> form is. This latter username (and password) must correspond to a
> uid and a matching password in LDAP.

That's normal.

> 6. What we're asking for is conceptually simple. We just need to
> check that the uid in (3) matches the uid in (5) [i.e.
> uid1.compareTo(uid2) == 0]

If you can successfully map the user after X509Check via CredentialsToLDAPAttributePrincipalResolver to the uid why do you need that? Is the uid then your authz-ID?

Ciao, Michael.
