Sure is possible. One strategy to do this would be: 1) Create a simple "strategy" interface/impl that takes a principal id and does an additional validation (checking the status against a DB2 data source in this case) 2) Add an additional action state to the CAS' login flow to execute this check and based on the outcome either transition to a regular ticket generation state or a friendly end state halting the login process.
This should be easily accomplished in the standard Maven war overlay over CAS server war. Happy New Year. Dmitriy. On Dec 31, 2012, at 2:02 PM, "Ken Maruyama" <[email protected]> wrote: > Hi I currently have this configured and it is working fine. > > 1. User log's in with profile_name/pass. > 2. Validate that profile_name/pass against LDAP. > 3. If success use CredentialsToLDAPAttributePrincipalResolver to get a > different attribute from LDAP to use it as an ID to use for the client. > 4. Ticket is generated successfully and user is logged into the server using > the ID (Not profile_name). > > I want to add the following step before 4. > > - Based on the ID obtained from LDAP, go to database (DB2) and make sure this > user has a valid status. > > How would I approach this kind of situation where I have to use two separate > source to do validation? > > Thank you in advance. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
