> However, when using username+password authentication, the literal
> username entered by the client is returned to the CAS client (cf.
> serviceValidate). I enter 'FrEd' and the application sees 'FrEd' instead
> of 'fred' or whatever it might be expecting.

We recommend doing name canonicalization as part of principal resolution. Many resolvers, including the LDAP components, provide a means to specify an attribute to use for the principal ID. If you're fetching attributes from the directory anyway (as most folks are) as part of principal resolution, then it's pretty natural to do normalization here. Many deployments will use the same attribute that is the basis of the search that is part of the authentication process (search+bind), but there's no measurable overhead if you're already fetching attributes for other purposes.

M
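The recommendation above, modelled as an added example that is not part of the original message and is not CAS code: after search+bind, the principal ID is read from a directory attribute instead of echoing the typed username. The in-memory directory, the function names and the `principal_attr` parameter are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed in-memory "directory" keyed by DN (sample data, not real accounts).
DIRECTORY = {
    "uid=fred,ou=people,dc=example,dc=org": {
        "uid": ["fred"], "mail": ["fred@example.org"],
        "pw": hashlib.sha256(b"s3cret").hexdigest(),
    },
    "uid=wilma,ou=people,dc=example,dc=org": {
        "uid": ["wilma", "wflint"], "mail": ["wilma@example.org"],
        "pw": hashlib.sha256(b"pebbles").hexdigest(),
    },
}


def search(typed_username):
    """Search step: uid matching is case-insensitive, as with LDAP caseIgnoreMatch."""
    wanted = typed_username.strip().lower()
    return [(dn, e) for dn, e in DIRECTORY.items()
            if any(v.lower() == wanted for v in e["uid"])]


def bind(entry, password):
    """Bind step: hypothetical stand-in for an LDAP bind as the found DN."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(digest, entry["pw"])


def resolve_principal(typed_username, password, principal_attr="uid"):
    """Return (principal_id, attributes) or None; the ID comes from the directory."""
    hits = search(typed_username)
    if len(hits) != 1:
        return None              # no match or ambiguous match: fail closed
    _dn, entry = hits[0]
    if not bind(entry, password):
        return None
    values = entry.get(principal_attr, [])
    if len(values) != 1:
        return None              # missing or multi-valued ID attribute: fail closed
    attrs = {k: v for k, v in entry.items() if k != "pw"}
    return values[0], attrs


def naive_principal(typed_username, password):
    """Behaviour described in the quoted question: echo whatever the user typed."""
    hits = search(typed_username)
    return typed_username if len(hits) == 1 and bind(hits[0][1], password) else None
```

Failing closed when the chosen attribute is missing or multi-valued keeps the service from receiving an ID that could differ between logins of the same account.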
