Looking into LDAP authN for CAS. On first read, the Spring
LdapContextSource (hence CAS) looks _not_ to support StartTLS.
Correct?
No, that is not correct. You can leverage Spring
ExternalTlsDirContextAuthenticationStrategy to inject an
SSLSocketFactory that handles startTLS. Here's a configuration snippet:
<bean id="contextSource" parent="baseContextSource"
      class="org.springframework.ldap.core.support.LdapContextSource"
      p:url="${ldap.url}">
  <property name="authenticationStrategy">
    <bean
        class="org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy">
      <property name="sslSocketFactory">
        <bean
            class="edu.vt.middleware.ldap.LdapTLSSocketFactory"
            init-method="initialize"
            p:keyStoreName="${ldap.keystore.path}"
            p:keyStorePathType="FILEPATH"
            p:keyStorePassword="changeit"
            p:keyStoreType="BKS"
        />
      </property>
    </bean>
  </property>
</bean>
LdapTLSSocketFactory is a vt-ldap component, but there's a similar one
in ldaptive.
If you want to use ldaptive instead of Spring LDAP you could wait for
CAS 4.0 (which uses it natively) or check out
https://github.com/serac/cas-server-integration-ldaptive.
M
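
To confirm that a directory accepts StartTLS with a given trust store before wiring it into the Spring configuration above, the same sequence can be run with plain JDK JNDI: connect on ldap://, negotiate TLS with the injected SSLSocketFactory, and only then bind. This is an added example, not code from the original post or from CAS, Spring LDAP or vt-ldap; the class name, the argument order and the environment variable names TRUSTSTORE_PW and BIND_PW are assumptions, and the trust store is assumed to be in the JVM's default keystore format rather than BKS.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.*;
import javax.net.ssl.*;

public class StartTlsBindCheck {
    // args: <ldap://host:389> <trust store path> <bind DN>  (caller-supplied values)
    // Passwords come from the hypothetical env vars TRUSTSTORE_PW and BIND_PW.
    public static void main(String[] args) throws Exception {
        // Build an SSLSocketFactory that trusts only the CAs in the given store.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            ts.load(in, System.getenv("TRUSTSTORE_PW").toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext sslCtx = SSLContext.getInstance("TLS");
        sslCtx.init(null, tmf.getTrustManagers(), null);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]); // plain ldap://, not ldaps://
        LdapContext ctx = new InitialLdapContext(env, null); // no credentials sent yet
        StartTlsResponse tls = null;
        try {
            // Ask the server to upgrade the existing connection (StartTLS extended operation).
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // Handshake on the same socket; throws if the certificate is not trusted.
            SSLSession session = tls.negotiate(sslCtx.getSocketFactory());
            System.out.println("TLS up: " + session.getProtocol() + " " + session.getCipherSuite());
            // Credentials are added only after the channel is encrypted.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, args[2]);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, System.getenv("BIND_PW"));
            ctx.reconnect(null); // forces the bind with the new credentials
            System.out.println("Bind succeeded over StartTLS");
        } finally {
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```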