>
> It seems like it would be more efficient if I could just have CAS return
> the attributes that it is able to retrieve using the
> LdapAuthenticationHandler.
>

That is indeed desirable and entirely possible using
LdapAuthenticationHandler and a static person directory attribute resolver.
The key is _not_ configuring a principal resolver for the
LdapAuthenticationHandler bean in the PolicyBasedAuthenticationManager
constructor:

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <entry key-ref="proxyAuthenticationHandler"
                       value-ref="proxyPrincipalResolver" />
                <!-- null value: no principal resolver for this handler -->
                <entry key-ref="primaryAuthenticationHandler"
                       value="#{null}" />
            </map>
        </constructor-arg>
        <!-- remaining properties of this bean are not shown -->
    </bean>

If no resolver is defined for a handler, that signals the authentication
manager to use the principal resolved from the authentication handler.

Hope that helps,
M
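
For the handler side of the setup described above, a sketch of an LdapAuthenticationHandler bean that returns attributes on the principal it resolves. This is an added example, not part of the original message or the CAS distribution; the `authenticator` bean reference and the LDAP attribute names are assumptions and must match your own directory and ldaptive configuration.

```xml
<!-- Added example. Assumes an ldaptive Authenticator bean with id
     "authenticator" is defined elsewhere in the context (hypothetical id). -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler">
    <constructor-arg ref="authenticator" />

    <!-- LDAP attribute whose value becomes the principal id
         (constructed sample value) -->
    <property name="principalIdAttribute" value="uid" />

    <!-- key = LDAP attribute fetched during authentication,
         value = attribute name placed on the CAS principal.
         List only what services actually need, so that a change in the
         directory schema does not silently widen what CAS can release. -->
    <property name="principalAttributeMap">
        <map>
            <entry key="mail" value="mail" />
            <entry key="displayName" value="displayName" />
            <entry key="memberOf" value="memberOf" />
        </map>
    </property>
</bean>
```

Because the `primaryAuthenticationHandler` entry in the authentication manager map has a null resolver, the principal built by this handler, including the mapped attributes, is the one the authentication manager uses. Each registered service's attribute release settings still decide which of these attributes it receives.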
