> My question / issue is how do I compare the string DN from the
> X509CertificateCredentialsToDistinguishedNamePrincipalResolver to an
> attribute (SubjectDn) in the certificate which is DER encoded.
You can't do this with any component provided with CAS, and although straightforward it will take some time with a library like BouncyCastle. If you _really_ want to read a DER-encoded cert from LDAP and make decisions on it, you might check out the vt-crypt library, http://code.google.com/p/vt-middleware/wiki/vtcrypt, which has some methods that make read/write operations on DER/PEM-encoded certs much easier.

Now that I've hopefully discouraged you from what you want to do, you shouldn't _need_ to do any of that. The servlet container really handles client cert authentication, and if it succeeds puts an X509Certificate object in the request that you can get at via the following:

    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

In fact this is what the X509 cert authentication handlers do. The container does the heavy work by creating an X509Certificate object and you simply interact with the certificate through that interface. We do what you're trying to do through the plain-vanilla CAS API (pull out something from certificate subject and do LDAP query on it) and it works well.

M

-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
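The approach the reply describes (take the chain the container placed in the request attribute, pull a value out of the subject, query LDAP on it), as an added example written for this thread; it is not code from the reply, from CAS, or from vt-crypt. It uses only JDK classes: X500Principal for DN comparison in canonical form (so the string DN from the resolver and the certificate subject compare equal regardless of case, spacing or keyword form), LdapName/Rdn to extract one RDN, and the JDK's CertificateFactory to decode a DER certificate read from an LDAP attribute. The attribute name `cn` in the search filter and the sample subjects are assumptions; the filter value is escaped per RFC 4515 so a subject value chosen by the certificate holder cannot change the query's meaning.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertSubjectLookup {

    /** Request attribute under which servlet containers expose the client chain (named in the reply). */
    public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /**
     * Narrows the raw value of request.getAttribute(CERT_ATTR) to a chain.
     * Returns null when the container did not authenticate a client certificate,
     * so a caller can fall through to another handler instead of casting blindly.
     */
    public static X509Certificate[] chainFromAttribute(Object attr) {
        if (!(attr instanceof X509Certificate[])) {
            return null;
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        return chain.length == 0 ? null : chain;
    }

    /** Decodes a DER-encoded certificate (e.g. bytes read from an LDAP attribute) with the JDK. */
    public static X509Certificate parseDer(byte[] der) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    /** Canonical DN comparison: case, whitespace and keyword spelling differences do not matter. */
    public static boolean sameDn(X500Principal subject, String dnString) {
        String left = subject.getName(X500Principal.CANONICAL);
        String right = new X500Principal(dnString).getName(X500Principal.CANONICAL);
        return left.equals(right);
    }

    /** Value of the leftmost RDN of the given type (e.g. "CN") in the subject, or null if absent. */
    public static String rdnValue(X500Principal subject, String type) throws InvalidNameException {
        LdapName name = new LdapName(subject.getName(X500Principal.RFC2253));
        // LdapName indexes RDNs from the right end of the string, so the leaf is the last element.
        for (int i = name.size() - 1; i >= 0; i--) {
            Rdn rdn = name.getRdn(i);
            if (rdn.getType().equalsIgnoreCase(type)) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    /** RFC 4515 escaping so a subject value cannot alter the structure of the LDAP search filter. */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the user lookup filter; the "cn" attribute is an assumption for this example. */
    public static String userFilter(X500Principal subject) throws InvalidNameException {
        String cn = rdnValue(subject, "CN");
        if (cn == null) {
            throw new IllegalStateException("client certificate subject has no CN");
        }
        return "(cn=" + escapeFilterValue(cn) + ")";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample subject; in a servlet it comes from
        // chainFromAttribute(request.getAttribute(CERT_ATTR))[0].getSubjectX500Principal().
        X500Principal subject = new X500Principal("CN=Jane Doe, OU=Staff, O=Example, C=US");

        // A DN configured as a string elsewhere, written in a different but equivalent form.
        System.out.println("same DN: " + sameDn(subject, "cn=jane doe,ou=staff,o=example,c=US"));

        // The subject value goes into the filter only after escaping; the second subject
        // (constructed) carries filter metacharacters that escaping renders inert.
        System.out.println(userFilter(subject));
        System.out.println(userFilter(new X500Principal("CN=a*)(cn=*,O=Example")));
    }
}
```

For the DER case in the original question, `sameDn(parseDer(bytes).getSubjectX500Principal(), resolverDn)` does the comparison without any third-party library; comparing the raw RFC 2253 strings instead of the CANONICAL form would make two encodings of the same DN compare unequal.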
