Can I extract a field of the certificate and compare it to a field of the
Oracle database?

 

I tried with X509CertificateCredentialsToSerialNumberPrincipalResolver and
referenced it with an attributeRepository, but it does not extract the
correct field. I want to extract the serialnumber of the card.

 

The log shows:

2010-09-23 18:49:26,803 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - --examining cert[133091037856105669837673331152098874953] CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES" from issuer "CN=AC RAIZ DNIE, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES"

2010-09-23 18:49:26,804 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate is valid

2010-09-23 18:49:26,805 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: true [CN=AC RAIZ DNIE, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES] against [CN=AC RAIZ DNIE, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES].

2010-09-23 18:49:26,806 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate was issued by trusted issuer

2010-09-23 18:49:26,806 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - this is a CA certificate

2010-09-23 18:49:26,808 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - --examining cert[127875069360057772077960648576222529075] CN="CARRERAS CALERO, FRANCISCO JAVIER (AUTENTICACIÓN)", GIVENNAME=FRANCISCO JAVIER, SURNAME=CARRERAS, SERIALNUMBER=111111F, C=ES" from issuer "CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES"

2010-09-23 18:49:26,808 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate is valid

2010-09-23 18:49:26,809 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: false [CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES] against [CN=AC RAIZ DNIE, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES].

2010-09-23 18:49:26,810 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - this is an end-user certificate

2010-09-23 18:49:26,811 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: true [CN="CARRERAS CALERO, FRANCISCO JAVIER (AUTENTICACIÓN)", GIVENNAME=FRANCISCO JAVIER, SURNAME=CARRERAS, SERIALNUMBER=111111F, C=ES] against [.*].

2010-09-23 18:49:26,813 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - cert[127875069360057772077960648576222529075] ok, setting as credentials candidate

2010-09-23 18:49:26,813 INFO [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - authentication OK; SSL client authentication data meets criteria for cert[127875069360057772077960648576222529075]

2010-09-23 18:49:26,815 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler successfully authenticated the user which provided the following credentials: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentia...@1e4f66a

2010-09-23 18:49:26,815 DEBUG [org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSerialNumberPrincipalResolver] - Attempting to resolve a principal...

2010-09-23 18:49:26,816 DEBUG [org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSerialNumberPrincipalResolver] - Creating SimplePrincipal for [127875069360057772077960648576222529075]

2010-09-23 18:49:26,818 DEBUG [org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - Created seed map='{username=[127875069360057772077960648576222529075]}' for uid='127875069360057772077960648576222529075'

2010-09-23 18:49:26,819 DEBUG [org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - Adding attribute 'num_doc' with value '[127875069360057772077960648576222529075]' to query builder 'null'

2010-09-23 18:49:26,826 DEBUG [org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - Generated query builder 'sql=[num_doc = ?] args=[127875069360057772077960648576222529075]' from query Map {username=[127875069360057772077960648576222529075]}.

2010-09-23 18:49:26,852 DEBUG [org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - Executed 'SELECT APELLIDO1,NOMBRE,NUM_DOC FROM USUARIOS WHERE num_doc = ?' with arguments [127875069360057772077960648576222529075] and got results []

2010-09-23 18:49:26,905 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.

2010-09-23 18:49:26,906 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service.

From: Scott Battaglia [mailto:[email protected]]
Sent: Thursday, September 23, 2010 4:52
To: [email protected]
Subject: Re: [cas-user] CAS with X509 and jdbc

 

All of our resolvers extend this class:

https://source.jasig.org/cas3/tags/cas-server-3.4.2.1/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/AbstractPersonDirectoryCredentialsToPrincipalResolver.java

 

They all have a property that says if no attributes are found, return null.
You can probably use that to look up the user.

 

On Wed, Sep 22, 2010 at 7:38 AM, Fco Javier Carreras Calero
<[email protected]> wrote:

Hi,

 

I've gotten the CAS server to authenticate a user with an x509 card. I did it
with the class X509CertificateCredentialsToSerialNumberPrincipalResolver,
but I want the user to exist in the database (Oracle) in order to be
authenticated. The example on the web is done with LDAP.

How should I do it? With repositoryattributes? Would this be referenced from
the class attributes as an identifier indicating the serialnumber?

 

Ahh, I forgot, I want to compare the serialnumber of the card with a
specific field of the database.

 

Thanks

-- 


You are currently subscribed to [email protected] as:
[email protected]






 
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
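
Added example, not part of the original thread and not CAS code: in the log above the resolver creates the principal from the certificate's own serial number (127875...), while the subject DN carries SERIALNUMBER=111111F, so the num_doc query returns []. The JDK-only sketch below pulls the SERIALNUMBER attribute out of a subject DN; the class and method names are hypothetical, it assumes SERIALNUMBER is the value stored in NUM_DOC, and wiring it into a CAS resolver is left out.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectSerialNumber {

    /** Returns the SERIALNUMBER (OID 2.5.4.5) value of a subject DN, or null if absent. */
    static String fromSubjectDn(String subjectDn) throws InvalidNameException {
        // LdapName understands quoting and escaping, so the comma inside the
        // quoted CN is not mistaken for an RDN separator (a split(",") would be).
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            String type = rdn.getType();
            if (type.equalsIgnoreCase("SERIALNUMBER") || type.equals("2.5.4.5")
                    || type.equalsIgnoreCase("OID.2.5.4.5")) {
                return decode(rdn.getValue());
            }
        }
        return null;
    }

    /** A "#hex" value arrives as DER bytes: tag, short-form length, content. */
    private static String decode(Object value) {
        if (!(value instanceof byte[])) {
            return value.toString();
        }
        byte[] der = (byte[]) value;
        // 0x13 = PrintableString, 0x0C = UTF8String; anything else is rejected.
        boolean isString = der.length >= 2 && (der[0] == 0x13 || der[0] == 0x0C);
        if (!isString || der[1] < 0 || der[1] != der.length - 2) {
            throw new IllegalArgumentException("unsupported SERIALNUMBER encoding");
        }
        return new String(der, 2, der.length - 2, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed from the subject DN printed in the DEBUG log above.
        String logged = "CN=\"CARRERAS CALERO, FRANCISCO JAVIER (AUTENTICACI\u00D3N)\", "
                + "GIVENNAME=FRANCISCO JAVIER, SURNAME=CARRERAS, SERIALNUMBER=111111F, C=ES";
        // Constructed: the same attribute in RFC 2253 form (OID type, DER value in hex).
        String rfc2253 = "C=ES,2.5.4.5=#130731313131313146,CN=Example";
        System.out.println(fromSubjectDn(logged));
        System.out.println(fromSubjectDn(rfc2253));
    }
}
```

The second sample matters because X500Principal.getName() in its default RFC 2253 format emits attribute types outside the RFC 2253 keyword list as a dotted OID with a hex-encoded value, so a match on the literal text "SERIALNUMBER=" can miss the attribute.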

 
