> We are not fronted with Apache. So Tomcat is both
> the server and servlet container in our case.

Tomcat has the same features, but the details depend upon the kind of connector (BIO/NIO vs APR). See http://tomcat.apache.org/tomcat-7.0-doc/config/http.html for more info.

> I have the example set up and seems to
> be accepting my X509 certificate and allowing me to login, but that is just
> with the basic X509 authentication, I still need to validate that the user
> is allowed into the site, via an LDAP lookup.

We actually do something conceptually similar. You'll have to roll your own CToPResolver, but I can offer some inspiration in code we have used successfully for a similar purpose:

https://svn.middleware.vt.edu/svn/middleware/cas/cas-server/tags/cas-server-3.4.12/vt-cas-server-ext/src/main/java/edu/vt/middleware/cas/authentication/principal/AbstractCredentialsToPrincipalResolver.java

https://svn.middleware.vt.edu/svn/middleware/cas/cas-server/tags/cas-server-3.4.12/vt-cas-server-ext/src/main/java/edu/vt/middleware/cas/authentication/principal/PDCCredentialsToPrincipalResolver.java

In our case the attribute on the DN is called UID and we use that to perform a directory lookup to resolve the principal. You should be able to adapt it to your use case fairly easily.

M
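
The DN-to-directory-lookup step described in the message above, as an added example that is not part of the original post or of the linked VT code: it pulls the UID out of a certificate subject DN and builds an escaped LDAP search filter from it. The class and method names and the sample DNs are hypothetical, and the directory attribute name `uid` is an assumption.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added illustration (hypothetical names): subject DN -> UID -> escaped LDAP filter. */
public class UidFromSubjectDn {

    /** Returns the single UID in the DN; rejects missing, repeated or non-string values. */
    static String extractUid(String subjectDn) throws InvalidNameException {
        String uid = null;
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if (!"UID".equalsIgnoreCase(rdn.getType())) continue;
            if (uid != null || rdn.size() > 1 || !(rdn.getValue() instanceof String)) {
                throw new InvalidNameException("Ambiguous or malformed UID in subject DN");
            }
            uid = (String) rdn.getValue();
        }
        if (uid == null || uid.isEmpty()) {
            throw new InvalidNameException("No UID attribute in subject DN");
        }
        return uid;
    }

    /** Escapes filter metacharacters (RFC 4515) so a DN value cannot change the search. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs; a resolver would read the DN from
        // certificate.getSubjectX500Principal().getName().
        String[] samples = {
            "UID=1234567,CN=Jane Doe,O=Example University,C=US",
            "UID=12*)(34,CN=Odd Value,O=Example University,C=US",
        };
        for (String dn : samples) {
            System.out.println("(uid=" + escapeFilterValue(extractUid(dn)) + ")");
        }
    }
}
```

The directory search itself, and the decision to deny access when it returns zero or more than one entry, would sit in the custom resolver that calls these helpers.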
