On 07/12/2013 02:15 PM, Scott Battaglia wrote:
>> I believe there's also a PrincipalTransformer:
>> https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/PrincipalNameTransformer.java

Hmm, being discarded, this sounds like it may not accomplish what I was
hoping to do:

>     /**
>      * Transform the string typed into the login form into a tentative Principal Name to be
>      * validated by a specific type of Authentication Handler.
>      *
>      * <p>The Principal Name eventually assigned by the CredentialsToPrincipalResolver may
>      * be unqualified ("AENewman"). However, validation of the Principal name against a
>      * particular backend source represented by a particular Authentication Handler may
>      * require transformation to a temporary fully qualified format such as
>      * [email protected] or MAD\AENewman. After validation, this form of the
>      * Principal name is discarded in favor of the choice made by the Resolver.
>      *
>      * @param formUserId The raw userid typed into the login form
>      * @return the string that the Authentication Handler should lookup in the backend system
>      */

In fact, I went ahead and implemented the above and it normalized the
username being sent to the LDAP directory for bind (again, I'm using
direct bind), but (1) log entries (cas.log) and (2) service ticket
response and (3) the TGT entry contained the non-normalized name.

What I'm hoping to do is:

  (1) ensure username in the TGT is in a normalized/canonical form
  (2) ensure ST validation returns the normalized/canonical form

Tom.
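
A self-contained model of the two-stage flow the quoted Javadoc describes, added here as an illustration and not taken from the CAS code base or from this message: the transformer changes only the name used for the backend lookup, while a separate resolver step picks the principal id that ends up in the ticket. The class, the method names, the sample directory and the trim/lower-case canonical form are all assumptions.

```java
import java.util.Locale;
import java.util.Map;
import java.util.function.UnaryOperator;

// Self-contained model of the flow in the quoted Javadoc. Every name here is
// hypothetical; this is not the CAS API.
public class PrincipalFlowModel {

    // Constructed sample directory: bind name -> password.
    static final Map<String, String> DIRECTORY = Map.of("aenewman", "s3cret");

    /** Canonical form assumed for this example: trimmed, lower-cased. */
    static String canonical(String userId) {
        return userId.trim().toLowerCase(Locale.ROOT);
    }

    /**
     * @param transformer rewrites the typed name for the backend lookup only
     * @param resolver    chooses the principal id stored in the ticket
     * @return the principal id that would land in the TGT, or null on failure
     */
    static String login(String typed, String password,
                        UnaryOperator<String> transformer,
                        UnaryOperator<String> resolver) {
        String lookupName = transformer.apply(typed);      // used for the bind
        if (!password.equals(DIRECTORY.get(lookupName))) {
            return null;                                   // bind failed
        }
        // lookupName is discarded here; the resolver sees the typed value.
        return resolver.apply(typed);
    }

    public static void main(String[] args) {
        String typed = " AENewman ";
        // Transformer only: bind succeeds, ticket keeps the typed spelling.
        System.out.println("[" + login(typed, "s3cret",
                PrincipalFlowModel::canonical, UnaryOperator.identity()) + "]");
        // Same canonicalisation also applied by the resolver: ticket is canonical.
        System.out.println("[" + login(typed, "s3cret",
                PrincipalFlowModel::canonical, PrincipalFlowModel::canonical) + "]");
        // No transformer: the raw name does not match the directory entry.
        System.out.println("[" + login(typed, "s3cret",
                UnaryOperator.identity(), PrincipalFlowModel::canonical) + "]");
    }
}
```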

