Thanks again, Marvin!  That works perfectly.
 
Doug
 
From: [email protected]
Date: Thu, 15 Jan 2015 18:37:35 +0000
Subject: Re: [cas-user] CAS 4.0 w/ OpenLDAP won't return memberOf attribute
To: [email protected]

It seems like it would be more efficient if I could just have CAS return the 
attributes that it is able to retrieve using the LdapAuthenticationHandler.

That is indeed desirable and entirely possible using LdapAuthenticationHandler 
and a static person directory attribute resolver. The key is _not_ configuring 
a principal resolver for the LdapAuthenticationHandler bean in the 
PolicyBasedAuthenticationManager constructor:

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="primaryAuthenticationHandler" value="#{null}" />
            </map>
        </constructor-arg>

If no resolver is defined for a handler, that signals the authentication 
manager to use the principal resolved from the authentication handler.
Hope that helps,
M


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user                                 
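
The handler side of the setup described above, as an added example that is not part of the original thread or the CAS project's shipped configuration. The "authenticator" bean reference, the uid principal id attribute and the chosen attribute names are assumptions; only the attributes listed in the map are requested from the directory and attached to the principal that the authentication manager uses when the resolver entry is null.

```xml
<!-- Added example: LDAP handler registered under the id the
     authenticationManager map refers to (primaryAuthenticationHandler). -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler">

    <!-- Assumption: an ldaptive Authenticator bean named "authenticator"
         is defined elsewhere in the context. -->
    <constructor-arg ref="authenticator" />

    <!-- Assumption: directory entries are identified by uid. -->
    <property name="principalIdAttribute" value="uid" />

    <!-- key   = attribute name in the LDAP directory
         value = attribute name on the CAS principal.
         List only what relying services need; every entry here is
         fetched at login and becomes part of the principal. -->
    <property name="principalAttributeMap">
        <map>
            <entry key="memberOf" value="memberOf" />
            <entry key="mail" value="mail" />
        </map>
    </property>
</bean>
```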
          