Forget this for now .. I had checked the documentation to see if it were an Abstract class and then promptly overlooked my results.
I am trying some things now.

Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775
Tel: 907-450-8320
Fax: 907-450-8381
[email protected] | www.alaska.edu/oit/

On Thu, Mar 13, 2014 at 2:39 PM, Linda Toth <[email protected]> wrote:

> RE:
>
> Distinct Principal Resolvers
>
> We began this process with CAS 3.4.2.1. We have not upgraded simply
> because we are still at the soft roll out stage and don't want to make
> any adjustments that may occur based on later versions.
>
> So, I think I actually don't need two different principal resolvers, but I
> was advised I did earlier. That may be because I did not explain the
> implementation we are using well:
>
> We are using AD LDAP to authenticate successfully with this construct:
>
> <!-- AD LDAP Authentication Handler -->
> <bean id="AD-LdapAuthHandler"
>       class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>     <property name="filter" value="${ad.bindAuthHandler.filter}" />
>     <property name="searchBase" value="${ad.bindAuthHandler.searchBase}" />
>     <property name="contextSource" ref="contextSource" />
> </bean>
>
> <!-- AD LDAP Credential to Principal Resolver -->
> <bean id="ADLdapCredential-to-PrincipalResolver"
>       class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>     <property name="credentialsToPrincipalResolver">
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
>     </property>
>     <property name="filter" value="${ad.bindAuthHandler.filter}" />
>     <property name="principalAttributeName" value="sAMAccountName" >
>     </property>
>     <property name="searchBase" value="${ad.userBindAuthHandler.searchBase}" />
>     <property name="contextSource" ref="contextSource" />
>     <property name="attributeRepository">
>         <ref bean="attributeRepository" />
>     </property>
> </bean>
>
> The alternate approach is using the very same LDAP source, but is
> evaluating the return via local scripts and can by-pass an expiration date
> in the AD LDAP that refers solely to using student labs, etc.
>
> Nevertheless, I must set up different authentication handlers based on the
> way this program expects data. I was advised I did not need to change the
> UsernamePasswordCredentialsToPrincipalResolver class, but I would need to
> have a different LDAP Credential to Principal Resolver class.
>
> In our version, the only candidate I find is
> org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolvers.
> I am about to test this, but may need some support if all does not go
> well.
>
> As always, if something leaps out at any of you - let me know.
>
> I have attached the entire deployerConfigContext.xml file for further
> reference if that helps.
>
> Linda
>
> On Mon, Mar 10, 2014 at 2:16 PM, Linda Toth <[email protected]> wrote:
>
>> Marvin
>>
>> This does help - thanks
>>
>> Linda Toth
>>
>> On Sat, Mar 8, 2014 at 3:38 AM, Marvin Addison <[email protected]> wrote:
>>
>>> > I think the CredentialsToLDAPAttributePrincipalResolver is the one that must
>>> > be different for multiple LDAPs.
>>>
>>> That's correct. The inner
>>> UsernamePasswordCredentialsToPrincipalResolver is used to seed the
>>> LDAP query with the user name used in the LDAP search filter, but
>>> CredentialsToLDAPAttributePrincipalResolver has the directory-specific
>>> LDAP details such as host name, base DN, search scope, and filter.
>>>
>>> Hope that helps,
>>> M
>>>
>>> --
>>> You are currently subscribed to [email protected] as: [email protected]
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
