> What we would like to do is replace the incoming principle (e.g. > "[email protected]") with the long representation, before the TGT is granted. > Thus, when STs are granted, we get back the long ID instead of the original > principle, which is of much more use to us (we don't really care who the user > is - we just need the ID).
The following component should meet your requirements: https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/authentication/LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager.java The way this component works is that when a principal is successfully authenticated, a mapping of handlers to resolvers is consulted using the successful handler as a key. The resolver that is returned is used to transform the credential to a principal. In other words the credential is transformed as a function of handler, which is how I understood your use case. M
smime.p7s
Description: S/MIME cryptographic signature
