Marvin,

We are currently using the 'slow bind' method, see below.

I think I understand how to search for the 'mail' attribute, if the username search fails (another principal resolver bean added on below), but am unsure how to then use this to check the password, and give the AD object name (sAMaccount) to CAS, instead of the alias.

Any help is much appreciated!

Johan
-----------------
<property name="credentialsToPrincipalResolvers">
  <list>
    <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
      </property>

      <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
      <property name="filter" value="(sAMAccountName=%u)" />

      <!-- The attribute used to define the new Principal ID -->
      <property name="principalAttributeName" value="sAMAccountName" />

      <property name="searchBase" value="ou=WEB,dc=.........,dc=edu" />

      <property name="contextSource" ref="contextSource" />

      <!-- use the attrib repository defined below -->
      <property name="attributeRepository">
        <ref bean="attribRepository" />
      </property>
    </bean>
  </list>
</property>






----- Original Message -----
From: "Marvin Addison" <[email protected]>
To: <[email protected]>
Sent: Monday, August 24, 2009 6:00 PM
Subject: Re: [cas-user] Sign-on with alias


our users login to CAS with a numeric id, and all apps are configured with this id as their security
object id.
...
We have been asked if it is possible to allow users to login with an alias instead of their numeric id
...
We use MS-AD as the backend datastore

So you're currently using LDAP as the authentication provider for CAS?
If so, what is your LDAP search filter?  It should be easy to do what
you want in any case; just need more info about your current setup to
point you in the right direction.

M

--
You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
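
Added example, not part of the thread and not CAS code: a sketch of the lookup discussed above, where a login that may be either the sAMAccountName or the 'mail' alias is escaped, searched with one combined filter, and resolved to the sAMAccountName only when exactly one entry matches. The directory entries, the in-memory `search` stand-in and all function names are assumptions made for illustration.

```python
import re

# Constructed sample entries (assumption): numeric sAMAccountName plus a mail alias.
DIRECTORY = [
    {"sAMAccountName": "1000123", "mail": "jdoe@example.edu"},
    {"sAMAccountName": "1000456", "mail": "shared@example.edu"},
    {"sAMAccountName": "1000789", "mail": "shared@example.edu"},  # duplicate alias
]

def escape_filter_value(value):
    """RFC 4515 escaping so user input cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def alias_filter(login):
    """Same shape as the page's filter, extended to match the mail alias too."""
    u = escape_filter_value(login)
    return "(|(sAMAccountName=%s)(mail=%s))" % (u, u)

def _unescape(raw):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)

def search(ldap_filter, directory=DIRECTORY):
    """Toy stand-in for the directory: evaluates an OR of (attr=value) terms."""
    terms = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    hits = []
    for entry in directory:
        for attr, raw in terms:
            have = entry.get(attr, "")
            # A bare '*' is a presence test; everything else is a
            # case-insensitive equality match on the unescaped value.
            if have and (raw == "*" or have.lower() == _unescape(raw).lower()):
                hits.append(entry)
                break
    return hits

def resolve_principal(login):
    """Return the sAMAccountName for a username or alias, or None.

    Zero or several matches are both refused: the password check (bind)
    should only ever be attempted against exactly one entry.
    """
    if not login:
        return None
    hits = search(alias_filter(login))
    return hits[0]["sAMAccountName"] if len(hits) == 1 else None

if __name__ == "__main__":
    for name in ("1000123", "jdoe@example.edu", "shared@example.edu", "*"):
        print(name, "->", resolve_principal(name))
```

In a real deployment the unique entry found by this search is the one the slow-bind step would bind as with the supplied password, and its sAMAccountName is what the applications keep seeing as the principal id.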

