Re: [cas-user] Filter attributes in X509 auth

Mon, 15 Mar 2010 05:56:05 -0700 

Its not supported by CAS. Marvid opened an issue on jira about using regular
expressions.

I solved the problem extending the class with another property:

<!--  DNIe Resolver -->
     <bean

class="se.gu.cas.X509RegexpCertificateCredentialsToIdentifierPrincipalResolver">
   <property name="identifier" value="$SERIALNUMBER" />
</bean>
<!--  FNMT Resolver -->
<bean

class="se.gu.cas.X509RegexpCertificateCredentialsToIdentifierPrincipalResolver">
   <property name="identifier" value="$CN" />
   <property name="regexp" value="CIF ([A-Z]\d{8})|NIF (\d{8}[A-Z])" />
</bean>


In my own class I parse the content of the identifier

Hope this helps you.


Pablo

2010/3/11 Francisco Estanqueiro <[email protected]>

> Thats what I'm going to do if there's no way I can filter the attributes in
> deployerConfigContext.xml.
>
> Thanks for the suggestion.
>
> Francisco
>
>
> Joachim Fritschi wrote:
>
>> Hi,
>>
>> How about writing a class similar to the
>>
>> X509CertificateCredentialsToSerialNumberPrincipalResolver
>> that extends the AbstractX509CertificateCredentialsToPrincipalResolver
>>
>> and simply chopping of the chars you want to ignore before returning the
>> string in the resolvePrincipalInternal() function?
>>
>> Regards,
>>
>> Joachim
>>
>> Francisco Estanqueiro schrieb:
>>
>>> Anyone?
>>>
>>> Francisco Estanqueiro wrote:
>>>
>>>> Hello everyone,
>>>>
>>>> I would like to know if there's a way for me to remove characters from
>>>> an attribute from an X509 Certificate and match it with an LDAP attribute.
>>>> My config is:
>>>>
>>>> Attribute from X509: <property name="identifier" value="$SERIALNUMBER"
>>>> />
>>>>
>>>> Attribute to Match: <property name="filter" value="description=%u" />
>>>>
>>>> This works beautifully if they are the same.. but my problem is I want
>>>> to ignore the first two and the last characters from $SERIALNUMBER and then
>>>> match it with the ldap attribute "description".
>>>>
>>>> Example:
>>>> $SERIALNUMBER: XX123123123X
>>>> description: 123123123
>>>>
>>>> Its possible?
>>>>
>>>> Thanks,
>>>> Francisco
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to