Actually, I realize now, I need the custom Authentication handler to be called both before and after CAS authenticates through LDAP. Before, because I need to determine (depending on certain other settings in the app) whether I really need to authenticate via LDAP (I may chose to authenticate against some other source). After, because I need to set some state depending on whether authentication was successful.
Thanks, Ray. ----- Original Message ---- From: Scott Battaglia <[EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Monday, January 29, 2007 9:44:01 PM Subject: Re: How to use LDAP adaptor classes? Ray, Why do you still need to call your custom Authentication Handler? -Scott On 1/29/07, t ray <[EMAIL PROTECTED] > wrote: Scott, Thanks for your response. The first link you provided answered most of my question. Also, its great to know I need not write any code. I have 2 questions though- Originally, I wrote an authentication handler class and placed it under /localPlugins/src and then modified deployerConfigContext.xml to refer to my auth handler class. That class gets called (authenticate() method actually) when the user attempts to login. I am trying to tie this along with using LDAP to authenticate. So, basically, I need to configure CAS to use its ldap adaptors and authenticate and then return control to my auth handler class (authenticate() method) for further processing. Is there a way to do that? If there is, once control returns to my auth handler, how do I figure out whether authentication using LDAP succeeded or not? Thanks. Ray. ----- Original Message ---- From: Scott Battaglia < [EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Sunday, January 28, 2007 11:24:16 AM Subject: Re: How to use LDAP adaptor classes? Ray, You shouldn't need to write any code as long as the current Ldap*Handlers are sufficient to meet your needs. And you shouldn't need any code to get your username/password to the handler. CAS utilizes the Spring Web module which provides "binding" capabilities. Basically, you supply a domain class (in our case a UsernamePasswordCredentials) and Spring Web automatically matches Request parameters to properties on your domain class. So a parameter of username will be set on the UsernamePasswordCredentials as there is a matching username property. -Scott On 1/26/07, t ray <[EMAIL PROTECTED] > wrote: Thanks Scott. That was useful. I have a question- It appears from all the documentation that I don't really need to write any code at all, just configuration changes in deployerConfigContext.xml are sufficient to get the FastBind adaptor to do the basic authentication against an LDAP server. Is my understanding correct? Related to that, how is the user name and password that the user entered get passed on to the FastBind adaptor in order for authentication to occur? Do I need some code to make that happen? I see a username and password under ContextSource. But that appears to be of the entity thats allowed to query the ldap server. Basically, I am wondering how to pass the username/password that the user typed in to the LDAP server for authentication using FastBind class. Thanks, Ray. PS: I really hope this doesn't turn out to be another thread. I hit reply to the emails I receive and despite that a new thread is created for all my response. ----- Original Message ---- From: Scott Battaglia < [EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Friday, January 26, 2007 6:36:28 AM Subject: Re: How to use LDAP adaptor classes? These resources may help you: http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html http://developer.ja-sig.org/projects/cas/multiproject/cas-server-ldap/apidocs/index.html http://developer.ja-sig.org/test/cas.html#ldap Note that they are slightly out of date as they refer to the LdapTemplate project instead of the Spring LDAP project (we're working on updating this). The Spring LDAP Javadocs can be found here: http://www.springframework.org/ldap -Scott On 1/26/07, t ray < [EMAIL PROTECTED] > wrote: Digging a bit more, I found this- http://developer.ja-sig.org/source/viewrep/jasig/cas3/adaptors/ldap/src/main/resources/deployerConfigContext.xml?r=1.1 It is a deployerConfigContext.xml file that uses BindLdapAuthenticationHandler. Can someone tell me if using FastBindLdapAuthenticationHandler is similar, meaning, can I just replace BindLdapAuthenticationHandler with FastBindLdapAuthenticationHandler? Also, can someone point me to some description of the various properties that are allowed? Most of them in the link above seem straight forward. I am not sure about "authenticatedReadOnly" (what does it mean?) and those under baseEnvironmentProperties. Specifically, where the protocol is marked "ssl", does it mean that ssl is being used to communicate with Active Directory or is the password still being sent in clear text? For those wishing to use AD purely for authentication purposes and not for some reason interested in the fastbind adaptor, you may also find the following interesting- http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0 Thanks, Ray. ----- Original Message ---- From: t ray < [EMAIL PROTECTED]> To: CAS Mailing List < [email protected]> Sent: Thursday, January 25, 2007 4:32:32 PM Subject: How to use LDAP adaptor classes? I wish to authenticate by querying an Active Directory server. I have modified deployerConfigContext.xml and have replaced the SimpleTest authenticator with my own. However, I am not sure how to use the LDAP adaptor classes that seem to be provided in the adaptors/ldap directory. I assume these classes help in connecting to a LDAP server and querying it. Could someone point me to some references/resources that describe how to use these adaptor classes/how to connect to a LDAP server? Thanks. Ray. Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas Get your own web address. Have a HUGE year through Yahoo! Small Business. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas Have a burning question? Go to Yahoo! Answers and get answers from real people who know. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas ____________________________________________________________________________________ We won't tell. Get more on shows you hate to love (and love to hate): Yahoo! TV's Guilty Pleasures list. http://tv.yahoo.com/collections/265
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
