Alatalo, Antoni wrote: > > Is it possible to create authentication via kerberos and if not > authenticated then username/password authentication?
Yes, I did exactly this with CAS 3.2 (now 3.2.1) for SPNEGO/Kerberos5 and fall-back to LDAP bind request for MS AD if SPNEGO wasn't successful. You can customize login-webflow.xml to achieve this. Note that depending on your MS AD naming conventions (sAMAccountName and userPrincipalName) and your settings for properties principalWithDomainName and NTLMallowed your CAS client will receive different principal names. Therefore I'm mapping the credential-dependent principal names to a generic principal name (in my case employeeNumber). See http://www.ja-sig.org/wiki/display/CASUM/Attributes how to configure such a LDAP-based mapping. Thanks to the wonderful work of the CAS developers that works like a charm without writing own code (despite detailed issues with LDAPv3 referrals still to be sorted out). Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
