To be fully clear, your resolver should be based on the PersonDirectoryPrincipalResolver and its attribute repository source could then point to your LDAP instance.

From: Misagh Moayyed [mailto:[email protected]]
Sent: Thursday, September 25, 2014 7:55 AM
To: [email protected]
Subject: RE: [cas-user] Use of ChainingPrincipalResolver in CAS 4.0

You need an LDAP principal resolver to include in the chain. This is handled by person directory:
https://wiki.jasig.org/display/PDM15/LDAP+Attribute+Source

From: Valérie Bauche [mailto:[email protected]]
Sent: Thursday, September 25, 2014 5:27 AM
To: [email protected]
Subject: [cas-user] Use of ChainingPrincipalResolver in CAS 4.0

Hi

Documentation for ChainingPrincipalResolver says:

    A common use case for this component is resolving a temporary principal ID from an X.509 credential followed by a search (e.g. LDAP, database) for the final principal based on the temporary ID

Good, that's what I need: authenticate with X509 and then search for the user in LDAP.

But I don't understand how to configure it.

ChainingPrincipalResolver needs a list of PrincipalResolver:

    setChain(List<PrincipalResolver> chain)

For X509 it's OK, I have

    <bean id="x509SubjectResolver"
          class="org.jasig.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver"
          p:descriptor="$CN" />

X509SubjectPrincipalResolver implements PrincipalResolver, so I can add it to ChainingPrincipalResolver.

But for LDAP I followed the documentation and I have:

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="mail"
          c:authenticator-ref="authenticator">
    </bean>

    <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
          c:resolver-ref="dnResolver"
          c:handler-ref="authHandler" />

    <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
          p:baseDn="${ldap.authn.baseDn}"
          p:allowMultipleDns="false"
          p:connectionFactory-ref="searchPooledLdapConnectionFactory"
          p:userFilter="${ldap.authn.searchFilter}"
          p:subtreeSearch="true" />

This LDAP configuration works fine when I use it alone, but I can't add it to my ChainingPrincipalResolver because there isn't any bean implementing the interface PrincipalResolver (PooledSearchDnResolver doesn't).

So how can I make this configuration?

Valérie

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
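
The chain described in this thread, written out as an added example that is not part of the original messages or the CAS project's own configuration. The bean ids x509Handler (the X.509 authentication handler) and ldapAttributeRepository (an LDAP attribute source defined as on the Person Directory page linked above) are hypothetical placeholders for beans defined elsewhere; principalAttributeName="mail" mirrors the p:principalIdAttribute used in the LDAP handler above and is optional.

```xml
<!-- Added example. x509Handler and ldapAttributeRepository are hypothetical
     bean ids standing in for beans defined elsewhere in deployerConfigContext.xml. -->

<!-- Step 1: derive a temporary principal ID from the certificate subject
     (bean taken from the original post). -->
<bean id="x509SubjectResolver"
      class="org.jasig.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver"
      p:descriptor="$CN" />

<!-- Step 2: look the temporary ID up in LDAP through Person Directory.
     returnNullIfNoAttributes="true" makes resolution fail when the
     certificate subject has no matching directory entry, instead of
     accepting the temporary ID as the final principal. -->
<bean id="ldapPrincipalResolver"
      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
      p:attributeRepository-ref="ldapAttributeRepository"
      p:principalAttributeName="mail"
      p:returnNullIfNoAttributes="true" />

<!-- The chain runs the resolvers in order; the ID produced by step 1
     is the lookup key for step 2. -->
<bean id="x509LdapResolver"
      class="org.jasig.cas.authentication.principal.ChainingPrincipalResolver">
    <property name="chain">
        <list>
            <ref bean="x509SubjectResolver" />
            <ref bean="ldapPrincipalResolver" />
        </list>
    </property>
</bean>

<!-- Pair the X.509 handler with the chained resolver. -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <entry key-ref="x509Handler" value-ref="x509LdapResolver" />
        </map>
    </constructor-arg>
</bean>
```

The LDAP authentication handler and its ldaptive Authenticator are not needed in this chain, since the certificate is the credential and LDAP is only searched for the final principal.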
