By way of followup (thanks for the responses) in case anyone is looking for 
ways to trim spaces from username during CAS login/authentication we opted to 
use the Javascript option because it is simple and addresses the problem as 
early as possible - on the login form.  
Suggestions were to do this on the server to avoid browser issues, but we let 
the browser handle it since it is not a part of core functionality but is 
simply an aid to the user (ie. This fixes the fact that they shouldn't have put 
spaces in or before their user name, if Javascript is not enabled then they 
will have to just type it correctly).

We use onblur (works in most browsers) in the form to trim the username when 
they leave the input:
        In  view/jsp/default/ui/casLoginView.jsp - 
                add "onblur="this.value=trimVal(this.value)" to the attributes 
of form:input  id="username"

               In view/jsp/default/ui/includes/top.jsp - 
                Inside <head> Add the trimVal function:
                        <script>
                        function trimVal(string)
                        {
                           return string.replace(/\s/g,"")
                        }
                        </script>

I also like the fact that you can see the effect of this as soon as you move to 
the password input (may even catch the users attention to the fact that they 
are getting stray spaces in there).

Ted F. Fisher
Information Technology Services



-----Original Message-----
From: Marvin Addison [mailto:[email protected]] 
Sent: Wednesday, November 13, 2013 12:50 PM
To: [email protected]
Subject: Re: [cas-user] trimming user name

> One problem is that if a user has a space preceding their user name 
> our LDAP accepts that

Interesting. I was going to claim that's pretty weird, but I just tested it 
against OpenLDAP using a Java-based client library and got the same results for 
'username' and ' username'.

>  This doesn't affect our Liferay portal, but when users hit anything in our 
> Peoplesoft arena the CAS auth for that fails because of the space before the 
> name (a space after the name is no problem).

The best way to address this is to normalize the principal ID in the 
CredentialToPrincipalResolver component. For example, using 
CredentialsToLDAPAttributePrincipalResolver you would set the 
principalAttributeName property to the directory attribute that contains the 
principal.

M

--
You are currently subscribed to [email protected] as: [email protected] 
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to