Is it possible to have an x509 authentication which is verified through a CRL and then search the x509 CN in an LDAP store for a special attribute? This attribute should accept or deny the authentication after the CRL lookup was OK.

Yes. I developed CRL checking functionality about a year ago, but never documented it. (Shame on me.) We're using this functionality in production and it works well. I'm hopeful that review of the source and studying an example will at least give some pointers if not a clear usage picture.

Relevant source for the CRL checking:
https://github.com/Jasig/cas/tree/74606bf35b90149ee16491735cafa4864fe8d857/cas-server-support-x509/src/main/java/org/jasig/cas/adaptors/x509/authentication/handler/support

The x509AuthHandler bean in the following config demonstrates wiring:
https://svn.middleware.vt.edu/svn/middleware/cas/cas-server/tags/cas-server-3.4.11/vt-cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml

Happy to answer questions.

M
