Hello,
I'm trying to set up my institution's CAS to authenticate using LDAP and
Kerberos. The goal is to have CAS check LDAP for the user first, and if not
found, to try to authenticate in Kerberos.
Here is the authentication handler section in my deployerConfigContext.xml
file:

    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient" />
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
                  p:filter="uid=%u"
                  p:searchBase="XXXXXX"
                  p:contextSource-ref="contextSource"
                  p:searchContextSource-ref="pooledContextSource" />
            <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
        </list>
    </property>

If I leave this section as is, I can only authenticate if the user exists
in LDAP. If the user doesn't exist in LDAP, but does exist in Kerberos,
authentication fails. If I comment out the LDAP authentication handler,
leaving only JAAS, I can authenticate properly.
I'm new to setting up CAS so I apologize if I've missed anything obvious.
Thank you!
--
*Tadeusz Sacilowski*
*Manager, Portal & Mobile Development*
Teachers College, Columbia University
[email protected]