Hi
I successfully set up CAS 3.0.5 for x509 and LDAP authentication (if
user certificate is available, user is authenticated via x509, otherwise
user is authenticated with login name and password over LDAP). However,
I was missing a CAS credentials-to-principal resolver that returns the
certificate email address as the principal.
Implementing such a resolver is easy. One basically takes the
X509CertificateCredentialsToIdentifierPrincipalResolver and inserts
something like
    if (name.equalsIgnoreCase("emailaddress")) {
        return new SimplePrincipal(value);
    }
in the function resolvePrincipalInternal().
I think this would be a useful feature, especially if CAS is used with
Shibboleth, which has to look up the user's attributes in the LDAP
directory. For LDAP, the REMOTE_USER then is the login name (e.g. uid
in LDAP) and for x509 the REMOTE_USER is the email address (e.g. mail in
LDAP).
Regards
Lukas
PS: For the ones interested in the Shib configuration...
The Shibboleth search filter has to be configured as follows:
<Search filter="(| (mail=%PRINCIPAL%) (uid=%PRINCIPAL%))">
--
------- SWITCH - The Swiss Education & Research Network ------
Lukas Haemmerle Security http://www.switch.ch/
SWITCH, Neumuehlequai 6, P.O. Box, CH-8021 Zurich, Switzerland
[EMAIL PROTECTED] Tel: +41 44 268 15 64 Fax: +41 44 253 98 98
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
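
The following is an added example, not code from the original post or from CAS: a stand-alone sketch of the email-from-subject-DN lookup described above, with a check on the value before it is used as the principal in the (| (mail=...) (uid=...)) search filter. The class and method names are hypothetical, the sample subjects are constructed, and it assumes the consuming filter substitutes %PRINCIPAL% verbatim.

```java
import java.util.Collections;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class EmailPrincipalExample {
    // OID of the PKCS#9 emailAddress attribute. The default RFC 2253 rendering
    // prints it as a dotted OID with a hex value, so map it to a keyword.
    private static final Map<String, String> OID_MAP =
        Collections.singletonMap("1.2.840.113549.1.9.1", "EMAILADDRESS");

    /** Returns the subject DN's email address, or null if absent or unsafe. */
    static String emailPrincipal(X500Principal subject) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253, OID_MAP));
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.getType().equalsIgnoreCase("emailaddress")
                        && rdn.getValue() instanceof String) {
                    String email = (String) rdn.getValue();
                    return isSafeForFilter(email) ? email : null;
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable DN: fall through and resolve no principal.
        }
        return null;
    }

    /** Rejects values that would change the meaning of the mail/uid filter. */
    static boolean isSafeForFilter(String v) {
        int at = v.indexOf('@');
        if (at <= 0 || at != v.lastIndexOf('@') || at == v.length() - 1) return false;
        for (char c : v.toCharArray()) {
            // RFC 4515 filter metacharacters plus control characters
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample subjects, not taken from a real certificate.
        X500Principal ok = new X500Principal("EMAILADDRESS=jane@example.org, CN=Jane Doe, O=Example");
        X500Principal bad = new X500Principal("EMAILADDRESS=*@example.org, CN=Test User, O=Example");
        System.out.println("accepted: " + emailPrincipal(ok));
        System.out.println("rejected: " + emailPrincipal(bad));
    }
}
```

Because the filter matches mail or uid, an email value that equals another user's uid would also resolve, so the directory should be checked for such overlaps and the set of trusted issuing CAs kept narrow.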