Does it definitely require Java coding? I'd hope I could do it in the configuration XML instead.

- Rex Roof
WCC Systems Engineer <[email protected]>
734-973-3478

On Fri, Feb 21, 2014 at 3:46 PM, Ourada, John <[email protected]> wrote:

> I am not a good source for doing things in Java in CAS. I haven't done
> any real Java coding. I am running pretty much delivered code. The only
> thing I have modified is JSP files and configuration files.
>
> Depending on what is returned by that attribute, you could fix it in the
> casServiceValidationSuccess.jsp file.
>
> I modified that file to return attributes based on someone else's
> documentation on returning attributes. The issue that I had was how CAS
> returns the 'memberOf' attribute. I cleaned up the listing of 'memberOf'
> into something that could be used by downstream applications in this file.
>
> Others would need to respond as to the dangers of doing that...
>
> *From:* Rex Roof [mailto:[email protected]]
> *Sent:* Friday, February 21, 2014 2:34 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] LDAP: Bind vs FastBind
>
> We've been dealing with a similar problem and I was thinking about doing
> this.
>
> One thing, though, we're using OpenLDAP and our "uid" attribute can
> contain multiple usernames associated with the user. I've already
> scripted something that makes sure the primary username is first, but since
> I don't have that primary username in its own attribute I couldn't figure
> out how to return just that attribute as the username.
>
> Any idea how I might pop that first username off of our list of uids and
> use it as the primary username?
>
> - Rex Roof
> WCC Systems Engineer <[email protected]>
> 734-973-3478
>
> On Fri, Feb 21, 2014 at 3:28 PM, Ourada, John <[email protected]> wrote:
>
> I solved the problem for us by using attributes.
>
> Since I needed to return a few attributes anyway, I mapped the attribute
> 'username' to a specific directory attribute. In my case, this has the
> effect of returning the data from the directory instead of what the user
> typed.
>
> It still requires that I configure an account that can retrieve the
> attributes once a user has successfully logged in.
>
> -John
>
> -----Original Message-----
> From: Tom Poage [mailto:[email protected]]
> Sent: Friday, February 21, 2014 2:14 PM
> To: [email protected]
> Subject: Re: [cas-user] LDAP: Bind vs FastBind
>
> On 02/21/2014 05:24 AM, Whittaker, Geoffrey wrote:
> > What are the benefits of FastBind over Bind? Are there any security
> > issues I should be aware of if I use FastBind?
>
> With the general case-insensitive nature of LDAP queries, we discovered
> the need to 'normalize' and filter the username when using "fast bind"
> (not AD).
>
> The username/principal is exposed through service ticket validation as
> entered at the login page, so if the client enters "Fred" one time and
> "FRED" another, it'll match the same LDAP entry, but to any case-sensitive
> app downstream, it looks like two different clients.
>
> Ended up implementing a CredentialsToPrincipalResolver:
>
>     protected String extractPrincipalId(final Credentials credentials) {
>         final UsernamePasswordCredentials usernamePasswordCredentials =
>             (UsernamePasswordCredentials) credentials;
>         return usernamePasswordCredentials.getUsername().trim().toLowerCase();
>     }
>
> See my post from November 13, 2013 for details (added trim() since).
>
> A newer version of ldaptive also encodes the argument so someone can't try
> any funny stuff with the bind DN.
>
> Tom.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
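
Added example (not part of the original thread and not CAS or ldaptive code): a JDK-only sketch of the two fast-bind points raised above, normalizing the typed username into one canonical principal id and escaping it before it is substituted into the bind DN. The class name, DN template and sample inputs are assumptions made for illustration.

```java
import java.util.Locale;
import javax.naming.ldap.Rdn;

public class FastBindPrincipal {

    // Assumed DN template; %s is replaced with the escaped, normalized username.
    static final String DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=org";

    /**
     * Canonical principal id: trimmed and lower-cased, so "Fred" and " FRED "
     * reach case-sensitive downstream applications as the same value.
     * Locale.ROOT keeps the result independent of the server's default locale.
     */
    static String normalize(String typed) {
        if (typed == null) {
            throw new IllegalArgumentException("username is required");
        }
        String id = typed.trim().toLowerCase(Locale.ROOT);
        if (id.isEmpty()) {
            throw new IllegalArgumentException("username is empty");
        }
        return id;
    }

    /**
     * Builds the DN used for the fast bind. Rdn.escapeValue applies RFC 2253
     * escaping, so characters such as ',' and '=' in the input stay inside
     * the uid value and cannot add or change DN components.
     */
    static String bindDn(String typed) {
        return String.format(DN_TEMPLATE, Rdn.escapeValue(normalize(typed)));
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "Fred", " FRED ", "fred,ou=admins" };
        for (String s : samples) {
            System.out.println("[" + s + "] principal=" + normalize(s)
                    + " bindDn=" + bindDn(s));
        }
    }
}
```

The same normalized value should be used both for the bind DN and as the principal id released at service ticket validation, otherwise the two can drift apart.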
