OK, I found the solution. It was not obvious. After hunting through mailing
list posts, I found that the instructions were on the documentation page for
LDAP authentication all along (the section labeled "PrincipalResolver vs
AuthenticationHandler"). Unfortunately, the instructions there to set the
value-ref on the ldap auth handler to "#{null}" don't work. When I do that, I
get an error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named
'null' is defined
I found an alternative way to do this in another mailing list post. Commenting
out the existing <constructor-arg><map></map><entry/></constructor-arg>
section, this works as long as there is only one handler needed:
<constructor-arg index="0">
<list value-type="org.jasig.cas.authentication.AuthenticationHandler" >
<ref local="ldapAuthenticationHandler"/>
</list>
</constructor-arg>
Luckily, we don't need to use proxy auth and we have a single authentication
handler, so we can use this. I can now see the attributes available for release:
2015-07-31 09:47:06,884 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map
for abc123: {uid=abc123, [email protected], displayName=Mark McCoy,
employeeID=XXXXXXXX}
Next up is figuring out the release policy.
Thanks,
Mark
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
