
On Jan 7, 2013, at 16:49, "Ken Maruyama" <[email protected]> wrote:

> Hi Dmitriy,
> 
> I'm trying to follow your suggestion, but have some questions.
> 
> First, when you say I should create an interface/impl, do you mean to create an 
> implementation of AuthenticationHandler?

No. I mean an API/implementation that is separate from the core CAS API; in other 
words, a custom API that plugs into the CAS login webflow. 


> 
> 
> Second, does adding an additional action mean adding a <bean> property in the 
> authenticationHandlers section of the deployerConfigContext.xml?

It would be a custom state definition in login-webflow.xml as well as any 
custom beans in WEB-INF/spring-configuration. 

> uthenticationManagerImpl">
>    <property name="credentialsToPrincipalResolvers">
>      <list>
>        <bean 
> class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>          <property name="credentialsToPrincipalResolver">
>            <bean 
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>  />
>          </property>
>          <property name="filter" value="(uid=%u)" />
>          <property name="principalAttributeName"
>          value="XXXXXXXXXXXXXX" />
>          <property name="searchBase" value="o=XXXXXX,c=XXXXXX" />
>          <property name="contextSource" ref="contextSource" />
>          <property name="attributeRepository">
>            <ref bean="attributeRepository" />
>          </property>
>        </bean>
>        <bean 
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
> 
>          <property name="attributeRepository"
>          ref="attributeRepository" />
>        </bean>
>        <bean 
> class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
>  />
>      </list>
>    </property>
>    <property name="authenticationHandlers">
>      <list>
>        <bean 
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>        p:httpClient-ref="httpClient" />
>        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>        p:filter="uid=%u" p:searchBase="o=XXXXXXXXX,c=XXXXXXX"
>        p:contextSource-ref="contextSource" />
>      </list>
>    </property>
>  </bean>
>  <sec:user-service id="userDetailsService"> <!-- Static user list: the single
>    entry below is granted ROLE_ADMIN. Its name is still the literal template
>    placeholder and has to be replaced with the real administrator's login
>    before deployment. NOTE(review): the consumer of this bean is not shown
>    here; presumably it only maps an already authenticated user to
>    authorities, which would explain password="notused". Confirm. -->
>    <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused"
>    authorities="ROLE_ADMIN" />
>  </sec:user-service>
>  <bean id="attributeRepository"
>  class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <!-- Stub
>    attribute source backed by the fixed map below; every key maps to a literal
>    string equal to its own name. NOTE(review): as far as I know the stub DAO
>    hands back this same map for every principal, so these are placeholder
>    values and not per-user directory data. A service that makes access
>    decisions on groupMembership or eduPersonAffiliation would see the same
>    value for everyone. Confirm, and use a directory-backed DAO if real
>    attributes are needed. -->
> 
>    <property name="backingMap">
>      <map>
>        <entry key="uid" value="uid" />
>        <entry key="eduPersonAffiliation"
>        value="eduPersonAffiliation" />
>        <entry key="groupMembership" value="groupMembership" />
>      </map>
>    </property>
>  </bean>
>  <bean id="serviceRegistryDao"
>  class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <!-- Service
>    registry holding the one registered service defined inline below.
>    NOTE(review): per the class name the registry lives in memory only, so
>    this XML is presumably the sole source of service definitions. Confirm. -->
>    <property name="registeredServices">
>      <list>
>        <bean class="org.jasig.cas.services.RegexRegisteredService">
> 
>          <property name="id" value="0" />
>          <property name="name" value="HTTP and IMAP" />
>          <property name="description"
>          value="Allows HTTP(S) and IMAP(S) protocols" />
>          <property name="serviceId"
>          value="^(https?|imaps?)://.*" /> <!-- This pattern matches every URL
>          whose scheme is http, https, imap or imaps, so any such service is
>          accepted by this registry entry, including services reached over
>          plain http or imap. For production, replace it with patterns that
>          name the known service hosts and require https or imaps. -->
>          <property name="evaluationOrder" value="10000001" />
>        </bean>
>      </list>
>    </property>
>  </bean>
>  <bean id="auditTrailManager"
>  class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> <!--
>  Audit trail manager that, per its class name, writes audit records through
>  SLF4J. NOTE(review): where those records end up, who can read them and how
>  long they are kept all depend on the logging configuration, which is not
>  shown here. Confirm that audit output goes to a protected, retained log. -->
>  <bean id="healthCheckMonitor"
>  class="org.jasig.cas.monitor.HealthCheckMonitor"> <!-- Health check built from
>    the two monitors listed below: one for memory, one for sessions. -->
>    <property name="monitors">
>      <list>
>        <bean class="org.jasig.cas.monitor.MemoryMonitor"
>        p:freeMemoryWarnThreshold="10" /> <!-- NOTE(review): the unit of this
>        threshold is not shown here; presumably percent of free memory.
>        Confirm. -->
>        <bean class="org.jasig.cas.monitor.SessionMonitor"
>        p:ticketRegistry-ref="ticketRegistry"
>        p:serviceTicketCountWarnThreshold="5000"
>        p:sessionCountWarnThreshold="100000" /> <!-- Warn thresholds for the
>        session monitor, which is wired to the ticketRegistry bean: 5000
>        service tickets and 100000 sessions. -->
>      </list>
>    </property>
>  </bean>
>  <bean id="contextSource"
>  class="org.springframework.ldap.core.support.LdapContextSource"> <!-- LDAP
>    connection settings used by the principal resolver and the bind
>    authentication handler earlier in this file: ldaps on port 636, pooling
>    off, simple authentication. NOTE(review): no userDn or password is set on
>    this bean, so operations that use it directly (a search, for example)
>    would presumably run as an anonymous bind. Confirm that this is intended
>    and that the directory exposes to anonymous clients only what it should.
>    With simple authentication the user's password travels over the
>    connection, so keep the ldaps:// URL and make sure the JVM trust store
>    accepts only the intended directory certificate. -->
>    <property name="pooled" value="false" />
>    <property name="url" value="ldaps://XXXXXXXXX:636" />
>    <property name="baseEnvironmentProperties">
>      <map>
>        <entry key="com.sun.jndi.ldap.connect.timeout"
>        value="3000" />
>        <entry key="com.sun.jndi.ldap.read.timeout" value="3000" /> <!-- JNDI
>        connect and read timeouts, in milliseconds (3 seconds each), so a
>        directory that does not answer cannot hold a login request open
>        indefinitely. -->
>        <entry key="java.naming.security.authentication"
>        value="simple" />
>      </map>
>    </property>
>  </bean>
> </beans>
> 
