Hi, My authentication using SPNEGO finally works :-) but I have now another problem.
I'm working with an Active Directory with 2 logon names : - the pre-Windows 2000 <DOMAIN>\<USERNAME1> (the <USERNAME1> is also called sAMAccountName in ldap) - and the other one <username2>@<my.domain.fr> (also called userPrincipalName in ldap) The problem is that my sAMAccountName is transmitted to my CAS client whereas I would prefer my userPrincipalName... I didn't find anything to help me. I don't even know where to search exactly : AD config, CAS-Spnego config ? Here is an extract of my logs, perhaps it would help : DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Action 'SpnegoCredentialsAction' beginning execution> DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header found with 212 bytes> DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Obtained token: NTLMSSPn�HL\� DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler] - <nextToken is null> DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler] - <NTLM Credentials is valid for user [MC\CA_AUSSO]> INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler successfully authenticated the user which provided the following credentials: MC\CA_AUSSO> DEBUG [org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver] - <Attempting to resolve a principal...> DEBUG [org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [MC\CA_AUSSO]> DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Unable to obtain the output token required.> DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Action 'SpnegoCredentialsAction' completed execution; result is 'success'> DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' beginning execution> DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'> DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' beginning execution> INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-IMP2BhGBYnQozQsdxRR3-cas] for service [http://pronostix:8080/c/portal/login] for user [MC\CA_AUSSO]> DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' completed execution; result is 'success'> Well, we can see that MC\CA_AUSSO is successfully authenticated but I would prefer [EMAIL PROTECTED] Merci par avance, Regards, Céline _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
