Even with the OpenIdCredentialsAuthenticationHandler, you still need to configure an AuthenticationHandler that can authenticate your users. The OpenId handler is merely to confirm that the TGT principal and the OpenId principal match on subsequent requests.
-Scott

On Wed, Mar 26, 2008 at 10:52 AM, Allen Chen <[EMAIL PROTECTED]> wrote:

> Hi, I am working on enabling openid for cas.
>
> Now, I can make the CAS retrieve the openid request and pass the
> authentication.
> Since the cas is working on the dumb mode.
> And I just construct the request by setting
> openid.mode="checkid_immediate"
> openid.return_to="http://allenpc:3000/soid/back.jsp"
> openid.identity="http://open.scut.edu/allen"
>
> Then I just post the request by submitting a form with post method.
>
> And the CAS identified the openid and extract the username "allen", and
> the login form for cas is prompted.
> After user allen login successfully, the cas return following request
> information:
>
> openid.signed identity,return_to
> openid.assoc_handle ST-2-IVG2I1oalBrRtTMLypNa-cas
> openid.identity http://open.scut.edu/allen
> openid.return_to http://allenpc:3000/soid/back.jsp
> openid.mode id_res
> openid.sig ER00UaIvP4CQGdbPsuyg0NZjfz0=
>
> Then I use the openid.mode=check_authentication to check the response is
> valid.
> Then I get the following:
> openid.mode:id_res
> is_valid:true
>
>
> My question is that the method I used is not so secure for the openid
> relying party to trust the cas authentication. Is there any way to make it more
> safe? Something like CAS use SSL to send the TGC to the user?
>
> What's more, the
> org.jasig.cas.support.openid.authentication.handler.support.OpenIdCredentialsAuthenticationHandler and
> org.jasig.cas.support.openid.authentication.principal.OpenIdCredentialsToPrincipalResolver seem
> to never work, only the SimpleTestUsernamePasswordAuthenticationHandler
> works for the login authentication. I follow exactly the wiki instruction to
> config, so I don't get why it happens.
>
> Thank you in advance!
>
> ------------------------------
> Allen Chen
> 2008-03-26
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>

--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
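
The relying-party side of the dumb-mode exchange quoted above, as an added Python example that is not code from the thread or from the CAS project: it checks the `id_res` fields locally, builds the `check_authentication` POST, and parses the `is_valid` reply. The function names and the provider URL passed in by the caller are assumptions; the sample field values are the ones quoted in the thread.

```python
from urllib.parse import urlencode, urlparse

# Response fields as quoted in the thread.
SAMPLE = {
    "openid.mode": "id_res",
    "openid.identity": "http://open.scut.edu/allen",
    "openid.return_to": "http://allenpc:3000/soid/back.jsp",
    "openid.assoc_handle": "ST-2-IVG2I1oalBrRtTMLypNa-cas",
    "openid.signed": "identity,return_to",
    "openid.sig": "ER00UaIvP4CQGdbPsuyg0NZjfz0=",
}
MUST_BE_SIGNED = {"identity", "return_to"}  # fields the relying party acts on

def local_problems(resp, sent_identity, sent_return_to):
    """Checks done before contacting the provider; returns a list of problems."""
    problems = []
    if resp.get("openid.mode") != "id_res":
        problems.append("mode is not id_res")
    signed = {f for f in resp.get("openid.signed", "").split(",") if f}
    for field in sorted(MUST_BE_SIGNED - signed):
        problems.append("not covered by signature: " + field)
    if resp.get("openid.identity") != sent_identity:
        problems.append("identity differs from the request")
    if resp.get("openid.return_to") != sent_return_to:
        problems.append("return_to differs from the request")
    if not resp.get("openid.assoc_handle") or not resp.get("openid.sig"):
        problems.append("missing assoc_handle or sig")
    return problems

def check_authentication_request(resp, provider_url):
    """Build the direct POST that asks the provider to confirm the signature."""
    if urlparse(provider_url).scheme != "https":
        # Over plain HTTP anyone on the network path can answer is_valid:true.
        raise ValueError("provider endpoint must be https")
    fields = {k: v for k, v in resp.items() if k.startswith("openid.")}
    fields["openid.mode"] = "check_authentication"
    return provider_url, urlencode(sorted(fields.items()))

def is_valid(body):
    """Parse the key:value reply; only an exact is_valid:true is accepted."""
    pairs = dict(l.split(":", 1) for l in body.splitlines() if ":" in l)
    return pairs.get("is_valid", "").strip() == "true"
```
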
