I can think of two options (though I can't vouch for how well both will work but it should be easy to test):
1. Use the Authentication Manager that maps an AuthHandler to a CtPR.
2. Add the basic CtPR to the list of resolvers after the LDAP one. Failure of the first should result in the second being used. In theory.

On Wed, Jul 7, 2010 at 1:33 PM, Michael Edmonds <[email protected]> wrote:
> We store our member accounts in ldap with a secondary authentication handler which looks up guest accounts in a mysql database. This has been working for us, except now we want to be able to release attributes via SAML, using org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver. Attribute release works great for ldap accounts, but for mysql accounts we get an error like:
>
> 2010-07-07 14:54:13,321 INFO [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Initial principal "USERNAME" was not found in LDAP, returning null>
>
> Is there a way to make the attribute resolver only run if the user is authenticated via ldap? Either that or just return empty attributes if an account is not found? As it is now, it makes our mysql accts not work.
>
> Thanks!
>
> -Mike Edmonds
> [email protected]
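Option 2 from the reply above, sketched as a CAS 3.x deployerConfigContext.xml fragment. This is an added example, not configuration posted by anyone in the thread. The handler bean ids, the contextSource and attributeRepository refs, and the LDAP filter and search base are placeholders, and the fall-through to the second resolver when the first returns null is the reply's assumption, to be confirmed by testing.

```xml
<!-- Added example: bean ids, refs and LDAP values below are placeholders -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <!-- Tried first: resolves LDAP members and attaches their attributes -->
      <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
        <property name="credentialsToPrincipalResolver">
          <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        </property>
        <property name="filter" value="(uid=%u)" />
        <property name="principalAttributeName" value="uid" />
        <property name="searchBase" value="ou=people,dc=example,dc=edu" />
        <property name="contextSource" ref="contextSource" />
        <property name="attributeRepository" ref="attributeRepository" />
      </bean>
      <!-- Listed after the LDAP resolver: the basic resolver for accounts
           that are not in LDAP (the MySQL guests). No attributeRepository
           is wired in here, so no LDAP attribute lookup is made for them. -->
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
      <!-- Any other resolvers from the existing configuration stay as they are -->
    </list>
  </property>
  <property name="authenticationHandlers">
    <list>
      <!-- Existing handlers, referenced by placeholder ids -->
      <ref bean="ldapAuthenticationHandler" />
      <ref bean="guestDatabaseAuthenticationHandler" />
    </list>
  </property>
</bean>
```

To test it, log in with a guest account and check that the "returning null" INFO line is followed by a successfully resolved principal, and that the SAML response for that guest carries no member attributes.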
