Hi Documentation for ChainingPrincipalResolver says : A common use case for this component is resolving a temporary principal ID from an X.509 credential followed by a search (e.g. LDAP, database) for the final principal based on the temporary ID
Good, that what I need : authenticate with X509 and then search the user in LDAP. But I don't understand how to configure it... ChainingPrincipalResolver needs a list of PrincipalResolver : setChain(List<http://docs.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true><PrincipalResolver<http://jasig.github.io/cas/4.0.0/javadocs/apidocs/org/jasig/cas/authentication/principal/PrincipalResolver.html>> chain) For X509 it's ok, I have <bean id="x509SubjectResolver" class="org.jasig.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver" p:descriptor="$CN" /> X509SubjectPrincipalResolver implements PrincipalResolver so I can add it to ChainingPrincipalResolver But for Ldap I followed the documentation and I have : <bean id="ldapAuthenticationHandler" class="org.jasig.cas.authentication.LdapAuthenticationHandler" p:principalIdAttribute="mail" c:authenticator-ref="authenticator"> ... </bean> <bean id="authenticator" class="org.ldaptive.auth.Authenticator" c:resolver-ref="dnResolver" c:handler-ref="authHandler" /> <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver" p:baseDn="${ldap.authn.baseDn}" p:allowMultipleDns="false" p:connectionFactory-ref="searchPooledLdapConnectionFactory" p:userFilter="${ldap.authn.searchFilter}" p:subtreeSearch="true" /> ... This LDAP configuration works fine when I use it alone, but I can't add it to my ChainingPrincipalResolver because there isn't any bean implementing the interface PrincipalResolver (PooledSearchDnResolver doesn't).... So how can I make this configuration ? Valérie -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
