> I am using certificate authentication from a smart card reader. I was
> wondering if it would be possible to pull an attribute from the certificate
> and store that in the LDAP database according to a username. Once the
> attribute is mapped to a user, then whenever that same certificate would be
> authenticated, it would login as the user mapped to the database.

We do something like this:

- Authenticate user with X.509 cert on Aladdin eToken
- Parse DN and extract numeric UID attribute
- Perform LDAP query to map numeric UID to string principal name

You can do the above with components CAS provides out of the box. CAS does not have components, per se, for LDAP write operations, so you would have to develop that component on your own to store your cert attribute in LDAP. As for mapping the cert attribute to the data stored in LDAP, CAS supports this well via CredentialsToLDAPAttributePrincipalResolver.

Hope that helps,
M
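
The DN-parsing and lookup steps listed in the reply above, as an added example that is not part of the original message and is not CAS code: it extracts a numeric UID from a subject DN with the JDK's `LdapName` parser and builds the search filter for the lookup. The class name, the sample DNs and the `uidNumber` directory attribute are assumptions.

```java
import java.util.Optional;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertUidToLdapFilter {
    // Return the subject DN's UID only if exactly one is present and it is all digits.
    static Optional<String> numericUid(String subjectDn) throws NamingException {
        String found = null;
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {  // parses escapes, multi-valued RDNs
            NamingEnumeration<? extends Attribute> attrs = rdn.toAttributes().getAll();
            while (attrs.hasMore()) {
                Attribute attr = attrs.next();
                if (!attr.getID().equalsIgnoreCase("UID")) continue;
                Object value = attr.get();
                if (found != null || attr.size() != 1 || !(value instanceof String)
                        || !((String) value).matches("[0-9]{1,18}")) {
                    return Optional.empty();  // ambiguous or non-numeric: fail closed
                }
                found = (String) value;
            }
        }
        return Optional.ofNullable(found);
    }

    // RFC 4515 escaping for a filter assertion value (defence in depth after validation).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0') {
                sb.append(String.format("\\%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample DNs, not taken from a real certificate.
        String[] dns = {
            "CN=Jane Doe+UID=1234567,OU=People,DC=example,DC=edu",
            "CN=Jane Doe,UID=12*34,OU=People,DC=example,DC=edu",
        };
        for (String dn : dns) {
            // "uidNumber" is an assumed directory attribute name.
            String result = numericUid(dn)
                .map(uid -> "(uidNumber=" + escapeFilterValue(uid) + ")")
                .orElse("rejected");
            System.out.println(dn + " -> " + result);
        }
    }
}
```

Validating the UID before it reaches the filter keeps a certificate-supplied value from changing the shape of the LDAP query; the escaping step covers the case where the mapped attribute is not purely numeric.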
