Hi Tom,

Could you point me to some more resources for manipulating the user's CAS login principal before passing it on to the requesting authentication service?

I'm implementing a new CAS environment with an LDAP backend and I need to strip whitespace from our usernames and also provide for an optional @ wccnet.edu that I'd like to strip off. I went digging in the archives for your November 13 post with details but I came up short.

- Rex Roof
WCC Systems Engineer
<[email protected]>
734-973-3478

On Fri, Feb 21, 2014 at 3:14 PM, Tom Poage <[email protected]> wrote:
> On 02/21/2014 05:24 AM, Whittaker, Geoffrey wrote:
> > What are the benefits of FastBind over Bind? Are there any security
> > issues I should be aware of if I use FastBind?
>
> With the general case-insensitive nature of LDAP queries, we discovered
> the need to 'normalize' and filter the username when using "fast bind"
> (not AD).
>
> The username/principal is exposed through service ticket validation as
> entered at the login page, so if the client enters "Fred" one time and
> "FRED" another, it'll match the same LDAP entry, but to any
> case-sensitive app downstream, it looks like two different clients.
>
> Ended up implementing a CredentialsToPrincipalResolver:
>
> protected String extractPrincipalId(final Credentials credentials) {
>     final UsernamePasswordCredentials usernamePasswordCredentials =
>         (UsernamePasswordCredentials) credentials;
>     return usernamePasswordCredentials.getUsername().trim().toLowerCase();
> }
>
> See my post from November 13, 2013 for details (added trim() since).
>
> A newer version of ldaptive also encodes the argument so someone can't
> try any funny stuff with the bind DN.
>
> Tom.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
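
Added example, not part of the original thread and not CAS project code: one way to do the normalization discussed above (trim, strip an optional realm suffix, lowercase) as a stand-alone Java helper that an extractPrincipalId override like the one quoted could call. The class name, the "@wccnet.edu" spelling of the suffix and the allowed-character pattern are assumptions.

```java
import java.util.Locale;
import java.util.regex.Pattern;

public final class PrincipalNormalizer {
    // Assumption: the optional realm suffix mentioned in the question.
    private static final String REALM_SUFFIX = "@wccnet.edu";
    // Assumption: local usernames use only these characters; adjust to site policy.
    private static final Pattern ALLOWED = Pattern.compile("[a-z0-9._-]{1,64}");

    private PrincipalNormalizer() { }

    /** Returns the canonical principal id, or throws if the input cannot be one. */
    public static String normalize(final String entered) {
        if (entered == null) {
            throw new IllegalArgumentException("username is required");
        }
        // Locale.ROOT keeps lowercasing stable whatever the JVM default locale is,
        // so "FRED" and "Fred" always map to the same downstream principal.
        String id = entered.trim().toLowerCase(Locale.ROOT);
        if (id.endsWith(REALM_SUFFIX)) {
            id = id.substring(0, id.length() - REALM_SUFFIX.length()).trim();
        }
        // Reject rather than silently repair anything else: other realms, inner
        // whitespace, or characters that are special in an LDAP DN or filter.
        if (!ALLOWED.matcher(id).matches()) {
            throw new IllegalArgumentException("unsupported username format");
        }
        return id;
    }

    public static void main(final String[] args) {
        // Constructed sample inputs, not taken from the thread.
        final String[] samples = {
            "Fred", " FRED ", "fred@wccnet.edu", "Fred @WCCNET.EDU",
            "fred@example.org", "fred,ou=people", "fr ed"
        };
        for (final String s : samples) {
            try {
                System.out.println("[" + s + "] -> " + normalize(s));
            } catch (IllegalArgumentException e) {
                System.out.println("[" + s + "] rejected: " + e.getMessage());
            }
        }
    }
}
```

The first four samples all resolve to `fred`; the last three are rejected, so a value that is not a plain local username never reaches the bind DN or a downstream application.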
