Thank you again for the info. I was able to add an action to login-webflow.xml and create a flow that I needed.

I created a simple POJO with a method that takes String as a parameter. The goal is to pass the resolved principal id to this method. Then this method will do the validation against DB2. I am currently trying to figure out how to obtain the resolved principal id and use it in the method I created. For test purposes I used flowScope.credentials.username as a parameter like this:

<evaluate expression="myPojo.myMethod(flowScope.credentials.username)" />

but this gives me the login id, which is what the user entered on the form, not the resolved ID that the program needs. I use CredentialsToLDAPAttributePrincipalResolver to get a different ID from LDAP. I will continue to do research, but if you can point me to where the resolved ID gets stored and how to access that in login-webflow.xml, that will be great.

Thank you,

Ken Maruyama
Technical Architect
Fashion Institute of Design & Merchandising
1-213-624-1201 Ex.4525
[email protected]

From: Dmitriy Kopylenko <[email protected]>
To: <[email protected]>
Date: 01/07/2013 04:21 PM
Subject: Re: [cas-user] Combine LDAP with SQL for validation

Sent from my iPhone

On Jan 7, 2013, at 16:49, "Ken Maruyama" <[email protected]> wrote:

> Hi Dmitriy,
>
> I'm trying to follow your suggestion, but have some questions.
>
> First, when you say I should create an interface/impl, do you mean to create an implementation of AuthenticationHandler?

No. I mean a separate API/Impl from core CAS API. In other words a custom API which should plug into the CAS login webflow.

>
> Second, does adding an additional action mean adding a <bean> property in the authenticationHandlers section of the deployerConfigContext.xml?

It would be a custom state definition in login-webflow.xml as well as any custom beans in WEB-INF/spring-configuration.
> uthenticationManagerImpl">
>   <property name="credentialsToPrincipalResolvers">
>     <list>
>       <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>         <property name="credentialsToPrincipalResolver">
>           <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>         </property>
>         <property name="filter" value="(uid=%u)" />
>         <property name="principalAttributeName" value="XXXXXXXXXXXXXX" />
>         <property name="searchBase" value="o=XXXXXX,c=XXXXXX" />
>         <property name="contextSource" ref="contextSource" />
>         <property name="attributeRepository">
>           <ref bean="attributeRepository" />
>         </property>
>       </bean>
>       <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
>         <property name="attributeRepository" ref="attributeRepository" />
>       </bean>
>       <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>     </list>
>   </property>
>   <property name="authenticationHandlers">
>     <list>
>       <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>             p:httpClient-ref="httpClient" />
>       <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>             p:filter="uid=%u" p:searchBase="o=XXXXXXXXX,c=XXXXXXX"
>             p:contextSource-ref="contextSource" />
>     </list>
>   </property>
> </bean>
>
> <sec:user-service id="userDetailsService">
>   <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
> </sec:user-service>
>
> <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
>   <property name="backingMap">
>     <map>
>       <entry key="uid" value="uid" />
>       <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>       <entry key="groupMembership" value="groupMembership" />
>     </map>
>   </property>
> </bean>
>
> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>   <property name="registeredServices">
>     <list>
>       <bean class="org.jasig.cas.services.RegexRegisteredService">
>         <property name="id" value="0" />
>         <property name="name" value="HTTP and IMAP" />
>         <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
>         <property name="serviceId" value="^(https?|imaps?)://.*" />
>         <property name="evaluationOrder" value="10000001" />
>       </bean>
>     </list>
>   </property>
> </bean>
>
> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
>
> <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
>   <property name="monitors">
>     <list>
>       <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
>       <bean class="org.jasig.cas.monitor.SessionMonitor"
>             p:ticketRegistry-ref="ticketRegistry"
>             p:serviceTicketCountWarnThreshold="5000"
>             p:sessionCountWarnThreshold="100000" />
>     </list>
>   </property>
> </bean>
>
> <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
>   <property name="pooled" value="false" />
>   <property name="url" value="ldaps://XXXXXXXXX:636" />
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
>       <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
>       <entry key="java.naming.security.authentication" value="simple" />
>     </map>
>   </property>
> </bean>
> </beans>
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
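A worked example of the kind of custom webflow action discussed in this thread, added here by the editor; it is not code from the thread or from the CAS project. It assumes CAS 3.x, where the AuthenticationManager's credentialsToPrincipalResolvers (here CredentialsToLDAPAttributePrincipalResolver) produce the Principal that is stored on the Authentication of the ticket-granting ticket the login flow creates, so the resolved id is reached through the ticket registry rather than through flowScope.credentials. The package name, the class name, the table ACTIVE_USERS and the action-state wiring are assumptions for illustration.

```java
package edu.example.cas.web.flow; // hypothetical package

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.sql.DataSource;

import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/**
 * Hypothetical Spring Webflow action that reads the principal resolved by the
 * configured CredentialsToPrincipalResolver and checks it against a DB2 table.
 *
 * Assumed wiring in login-webflow.xml (the state names come from the default
 * CAS 3.x flow; adjust to your own flow):
 *
 *   <action-state id="checkResolvedPrincipal">
 *     <evaluate expression="resolvedPrincipalDbCheckAction" />
 *     <transition on="success" to="sendTicketGrantingTicket" />
 *     <transition on="error" to="viewLoginForm" />
 *   </action-state>
 *
 * and the "success" transition of the realSubmit state pointed at this state
 * instead of directly at sendTicketGrantingTicket.
 */
public class ResolvedPrincipalDbCheckAction extends AbstractAction {

    // Hypothetical table: one row per user allowed to sign in, keyed by the LDAP-resolved id.
    private static final String CHECK_SQL = "SELECT 1 FROM ACTIVE_USERS WHERE USER_ID = ?";

    private final TicketRegistry ticketRegistry;
    private final DataSource dataSource;

    public ResolvedPrincipalDbCheckAction(final TicketRegistry ticketRegistry, final DataSource dataSource) {
        this.ticketRegistry = ticketRegistry;
        this.dataSource = dataSource;
    }

    @Override
    protected Event doExecute(final RequestContext context) throws Exception {
        // The TGT id is placed in scope by the submit action once authentication succeeded.
        final String tgtId = WebUtils.getTicketGrantingTicketId(context);
        if (tgtId == null) {
            return error();
        }

        final TicketGrantingTicket tgt =
            (TicketGrantingTicket) ticketRegistry.getTicket(tgtId, TicketGrantingTicket.class);
        if (tgt == null) {
            return error();
        }

        // This is the Principal built by the resolver chain, not the form username.
        final Principal principal = tgt.getAuthentication().getPrincipal();
        final String resolvedId = principal.getId();

        boolean allowed;
        try {
            allowed = isActiveInDatabase(resolvedId);
        } catch (final SQLException e) {
            allowed = false; // fail closed: a database outage must not let anyone through
        }

        if (!allowed) {
            // The TGT already exists at this point; discard it so the failed check
            // does not leave a usable SSO session behind. A real deployment should
            // also clear the id from flow scope before returning to the login form.
            ticketRegistry.deleteTicket(tgtId);
            return error();
        }
        return success();
    }

    /** Parameterized lookup, so the resolved id is never spliced into SQL text. */
    boolean isActiveInDatabase(final String resolvedId) throws SQLException {
        try (Connection conn = dataSource.getConnection();
             PreparedStatement ps = conn.prepareStatement(CHECK_SQL)) {
            ps.setString(1, resolvedId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

The bean would be declared in WEB-INF/spring-configuration with the deployment's ticketRegistry bean and a DataSource for DB2 as constructor arguments, and referenced from the action-state by its bean id. Two points a reviewer would look for are visible above: the lookup uses a PreparedStatement parameter rather than string concatenation, and both the "no row" and "database error" outcomes are treated as a denial, with the already-issued ticket-granting ticket removed so a user the database rejects does not keep a CAS session.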
