On Tue, 1 Sep 2015, Misagh Moayyed wrote:



1) To authenticate a user, I need to change the username / password data
I received from the login page a little (i.e. add some "@realm" to the
user or convert the password to some proprietary syntax the backend
uses) before sending it to let's say an ODBC or LDAP backend. What seems
to be the best approach to achieve this? Do I really need to write a new
class (org.jasig.cas.adaptors) or is there another way to change the
credentials before sending them to the backend?

Yes, these are called Transformers (unrelated to any particular superhero mythology), which allow you to change the userid:
http://jasig.github.io/cas/development/installation/Configuring-Authentication-Components.html#principalnametransformer-components

Most handlers also have a password encoder property that you can define.


2) Is it possible to "try" two or more variants of credentials against
the same backend without doing so within the authentication handler itself?

Depends on what you mean by variant. Handlers declare support for a specific hierarchy of credentials. So if you wanted to create your own uid/psw credential class and have it be passed to the LDAP handler for example, then you need to make sure your custom class follows the hierarchy.

If, on the other hand, you mean to authenticate the collection of [test, test@somewhere, TEST@SOMEWHERE] against a single handler all at once, looping through one at a time, then no. You need a custom handler.

We modified our LDAP search filter to allow authentication by either "username" or "username@oregonstate":

<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
    <!-- The Principal resolver forms the credentials -->
    <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
    </property>
    <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
    <property name="filter" value="(|(uid=%u)(eduPersonPrincipalName=%u))" />
    <!-- The attribute used to define the new Principal ID -->
    <property name="principalAttributeName" value="uid" />
    <property name="searchBase" value="ou=people,o=orst.edu" />
    <property name="contextSource" ref="contextSource" />
    <property name="attributeRepository">
        <ref bean="attributeRepository" />
    </property>
</bean>


(Match against uid or eduPersonPrincipalName attributes).

As long as only 1 result will be returned, you can search simultaneously on multiple attributes.

        Andy
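
Added example (not part of the thread above and not CAS code): a Java sketch of the two checks the OR filter depends on, escaping the value substituted for %u per RFC 4515 and refusing to resolve a principal unless exactly one entry matches. The class and method names are hypothetical, and the in-memory directory is constructed sample data standing in for the LDAP server.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

public class FilterCheck {
    // Filter template taken from the configuration in the message above.
    static final String FILTER = "(|(uid=%u)(eduPersonPrincipalName=%u))";

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean special = c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7f;
            if (special) sb.append(String.format("\\%02x", c));
            else sb.append((char) c);
        }
        return sb.toString();
    }

    static String buildFilter(String username) {
        return FILTER.replace("%u", escape(username));
    }

    // Stand-in for the directory search: exact, case-insensitive match on either attribute.
    static List<Map<String, String>> search(List<Map<String, String>> dir, String username) {
        List<Map<String, String>> hits = new ArrayList<>();
        for (Map<String, String> e : dir) {
            if (username.equalsIgnoreCase(e.get("uid"))
                    || username.equalsIgnoreCase(e.get("eduPersonPrincipalName"))) hits.add(e);
        }
        return hits;
    }

    // Resolve the principal ID (uid) only when exactly one entry matches the filter.
    static String resolve(List<Map<String, String>> dir, String username) {
        List<Map<String, String>> hits = search(dir, username);
        if (hits.size() != 1)
            throw new IllegalStateException(hits.size() + " entries match " + buildFilter(username));
        return hits.get(0).get("uid");
    }

    public static void main(String[] args) {
        List<Map<String, String>> dir = List.of( // constructed entries; the second collides on purpose
            Map.of("uid", "smithj", "eduPersonPrincipalName", "smithj@oregonstate"),
            Map.of("uid", "doej", "eduPersonPrincipalName", "smithj"));
        System.out.println(buildFilter("j*"));                  // wildcard is escaped, not expanded
        System.out.println(resolve(dir, "smithj@oregonstate")); // unique match
        try { resolve(dir, "smithj"); }                         // uid of one entry, ePPN of another
        catch (IllegalStateException ex) { System.out.println(ex.getMessage()); }
    }
}
```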
