Hi, first of all, I'd like to apologize for the really cryptic first post here. I am under the weather, taking some antibiotics, and they are really screwing with my thought flow. I'm surprised I even had a response to the really bad message lol.
Second, here is my issue. First off, we are using authentication for CAS by a hard cert (a CAC card). If the user has a valid certificate in the session (supplied by the hard CAC card, PIN, and httpd cert session variable), then we search our LDAP directory for them. If we find them, we furnish a successful authentication back from CAS, and put the user's DN into the session for CAS as the authenticated user.

I am currently using CAS server 3.0.5, and implementing CAS client 2.1.1 on my applications. (I started the implementations with 2.1.1, and plan to upgrade to 3.0 at a later time, but we need the full project up more than the additional functionality for the moment.)

So far I have Liferay portal successfully logging in using CAS. In Liferay, we search for a user by their email address and company id for the portal. That returns a "User" object which has user.getUsername() and user.getPassword(). We then submit that username and userPassword back to a login method to start the user's session. Easy enough.

Ok, now I am trying to do the same with SVNWebClient from Polarion. The problem comes into play because the SVNWebClient requires a username and password to be passed from class to class, until it's finally passed into core svn code. It appears from my research that when a user actually tries to commit, another password check is performed at the end method to verify a post or commit command. Since we are using LDAP for our database, we do not have access to the user's password. It was never input when the user's DN verified them against LDAP, and it cannot be retrieved from LDAP to pass around svn.

One of the obstacles with modifying the SVNWebClient source code to fit our needs is that it cannot impact non-HTML-based transactions (e.g. clients connecting with a valid username/password through Tortoise or command line). I am looking through the svn code trying to figure out how to tell it to ignore the password.

Again, thanks for the earlier reply.
_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia
Sent: Tuesday, January 16, 2007 10:59 PM
To: Yale CAS mailing list
Subject: Re: Confusion using password

Perry,

Are your other programs CASified? Why would they need to have access to the password?

-Scott

On 1/16/07, Perry Minchew < <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]> wrote:

Hi all,

I have successfully connected liferay and cas, and have a sso solution using an ldap server to authenticate. I'm having some trouble wrapping my mind around how to authenticate other programs now. We are actually authenticating using a cert, so the user never even sees a username/password page. Also, the password in our LDAP is automatically encrypted.

My question is, how do I authenticate in other programs that require a username/password credential in the session. Obviously, I can't try to get the password from LDAP, since it's not a valid call.

Any suggestions?

Perry Minchew
Systems Integrator
SPAWAR Systems Charleston
Office : (843) 218.7031
Cell : (843) 822.1555

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
