I didn't follow all of this thread, but if I understand you correctly,
it is possible to do the authentication and pull out the attributes in
one call to ldap. I'm doing this with CAS version 4.0.x.
The key is to configure the principalAttributeMap property in the
ldapAuthenticationHandler bean, as I believe Chris Myers showed -- but
then not use attributeRepository (which may come pre-configured in the
default deployerConfigContext.xml). I do the latter by changing the
following line, in the authenticationManager bean, from:
<entry key-ref="ldapAuthenticationHandler"
value-ref="usernamePasswordCredentialsResolver" />
to:
<entry key-ref="ldapAuthenticationHandler" value="#{ null }" />
Milt Epstein
Programmer in Computational Genomics
Institute for Genomic Biology (IGB)
University of Illinois at Urbana-Champaign (UIUC)
[email protected]
On Thu, 23 Apr 2015, "Borys Pogore?o" wrote:
>
>
> > But I guess if you were using database for auth and ldap for
> > attrs, then this would be necessary to have separated out.
>
> I think you're right. But I believe that the most common scenario is using
> one source for both authentication and attributes. Separation should be an
> option, not the default...
>
> --
> Borys
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
