We are in the process of supporting X509 certificates for authentication of users. It is one thing to accept / authorize via the X509 certificate, but of course we need to go a step further and validate whether or not the owner of the certificate is allowed access via an LDAP lookup. We are thinking about using the EDIPI number on the end of a Common Name (e.g., CN = firstname.lastname.<edipi number>). The smart cards that will be used append this unique number (EDIPI) on the end of the CN.

I am trying to determine the best possible approach to retrieve this EDIPI number off of the certificate and then use that number to do an LDAP lookup. Have others tried this and been successful? I am currently using the X509CertificateCredentialsToSubjectPrinciplalResolver to obtain the CN for authentication, but what I am missing is how to obtain that field to then do an LDAP lookup. Any help or pointers would be appreciated. I am going to start to look at the LDAP section of the CAS user manual to see if that will help explain how to move forward.

Schawn

--
View this message in context: http://jasig.275507.n4.nabble.com/Using-LDAP-and-X509-for-authentication-authorization-tp4656353.html
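One way to do the extraction the post describes, as an added example in plain Java that is not part of CAS or of the original message: it parses the subject DN, takes the numeric tail of the CN as the EDIPI, validates it, and builds an escaped LDAP search filter. It assumes the EDIPI is a 10-digit number and that the directory attribute is called `edipi`; both are placeholders to adapt to the local schema.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import java.util.regex.Pattern;

public class EdipiLookup {
    // Assumption: the EDIPI is a 10-digit number appended after the last '.' of the CN.
    private static final Pattern EDIPI = Pattern.compile("\\d{10}");

    /** Returns the CN of the subject DN, or null if the DN has no CN. */
    static String subjectCn(X500Principal subject) throws InvalidNameException {
        // For a real certificate: subjectCn(cert.getSubjectX500Principal())
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    /** Splits "firstname.lastname.<edipi>" and returns the EDIPI, or null if the CN does not end in one. */
    static String edipiFromCn(String cn) {
        if (cn == null) return null;
        int dot = cn.lastIndexOf('.');
        if (dot < 0 || dot == cn.length() - 1) return null;
        String tail = cn.substring(dot + 1);
        return EDIPI.matcher(tail).matches() ? tail : null;   // reject anything that is not a bare number
    }

    /** Escapes a value for use inside an LDAP search filter (RFC 4515), so it can never change the filter. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the filter for the directory lookup; "edipi" is an assumed attribute name. */
    static String lookupFilter(String edipi) {
        return "(edipi=" + escapeFilterValue(edipi) + ")";
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample subject, not taken from a real card.
        X500Principal subject = new X500Principal("CN=jane.doe.1234567890, OU=PKI, O=U.S. Government, C=US");
        String edipi = edipiFromCn(subjectCn(subject));
        if (edipi == null) throw new IllegalStateException("subject CN does not carry an EDIPI");
        System.out.println(lookupFilter(edipi));
    }
}
```

The filter string is what you would pass to a JNDI `DirContext.search` (or the CAS LDAP attribute resolver) against the user base DN; a null from `edipiFromCn` should be treated as an authentication failure rather than falling back to a broader search.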
