Some more information regarding my previous question: - If I switch around the LDAP and Jaas handlers, fall through works correctly... If the user is not in Kerberos but is in LDAP, authentication will succeed. However, the reverse doesn't work (and this is the order that I need it to check in: LDAP > Kerberos) - I'm using CAS 3.5.2.1
Thank you, Teddy On Wed, Jun 11, 2014 at 1:43 PM, Sacilowski, Tadeusz <[email protected] > wrote: > Hello, > > I'm trying to set up my institution's CAS to authenticate using LDAP and > Kerberos. The goal is to have CAS check LDAP for the user first, and if not > found, to try to authenticate in Kerberos. > > Here is the authentication handler section in my deployerConfigContext.xml > file: > > <property name="authenticationHandlers"> > <list> > <bean > class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" > p:httpClient-ref="httpClient" /> > > <bean > > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" > p:filter="uid=%u" > p:searchBase="XXXXXX" > p:contextSource-ref="contextSource" > p:searchContextSource-ref="pooledContextSource" /> > > <bean > class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" > /> > </list> > </property> > > If I leave this section as is, I can only authenticate if the user exists > in LDAP. If the user doesn't exist in LDAP, but does exist in Kerberos, > authentication fails. If I comment out the LDAP authentication handler, > leaving only JAAS, I can authenticate properly. > > I'm new to setting up CAS so I apologize if I've missed anything obvious. > > Thank you! > > -- > *Tadeusz Sacilowski* > *Manager, Portal & Mobile Development* > Teachers College, Columbia University > [email protected] > -- *Tadeusz Sacilowski* *Manager, Portal & Mobile Development* Teachers College, Columbia University [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
