The problem below is resolved by release 3.3.5. From the release notes:
* new AuthenticationManager that maps AuthenticationHandlers and CredentialsToPrincipalResolvers such that a successful authentication handler triggers a specific CredentialsToPrincipalResolver (sponsored by Pepperdine University)
source: http://www.jasig.org/cas-server-335-final-released Cheers Andy Andy Cowling wrote:
HiThe in-line docs for credentialsToPrincipalResolvers in deployerConfigContext.xml state that:The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which supports the presented credentialsBy "supports" here I understand that the AuthenticationManagerImpl will consider the first CredentialToPrincipalResolver which reports to support the given credentials class. If many CredentialToPrincipalResolvers exist which support the same credentials class, only the first in the list will be asked to resolve the credentials to a principal. If it fails to do so, the other CredentialToPrincipalResolvers which also support the credentials object will not be tried.How can we implement a multi-LDAP cas environment, with a distinct CredentialToPrincipalResolver in each case (due to the multiplicity of backends)?Cheers Andy -- Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01[email protected] http://www.interactivedata-ms.com <http://www.interactivedata-ms.com/>This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message inerror, please delete this message from your system and notify the senderimmediately. An unintended recipient's disclosure, copying, distribution, oruse of this message or any attachments is prohibited and may be unlawful.Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office:Fitzroy House 13-17 Epworth Street. London. EC2A 4DL
-- Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01[email protected] http://www.interactivedata-ms.com <http://www.interactivedata-ms.com/>
This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message in
error, please delete this message from your system and notify the senderimmediately. An unintended recipient's disclosure, copying, distribution, or
use of this message or any attachments is prohibited and may be unlawful.Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office:
Fitzroy House 13-17 Epworth Street. London. EC2A 4DL
smime.p7s
Description: S/MIME Cryptographic Signature
