Céline Aussourd wrote: >>> What's your setting of principalWithDomainName (property of >>> JCIFSSpnegoAuthenticationHandler)? >> > It's "true". That's why "MC\" appears in the user name. >> What's your setting of NTLMallowed (property of >> JCIFSSpnegoAuthenticationHandler)? >> > It's "true". If I set to "false", the authentication doesn't work.
Then you don't authenticate with Kerberos. NTLM is used. That leads to the name form NETBIOSDOMAIN/sAMAccountName. >> If you want to allow SPNEGO with NTLM you could try to map the principal >> name to userPrincipalName like described here: >> http://www.ja-sig.org/wiki/display/CASUM/Attributes >> > Thanks for the idea. I'm trying. Maybe set principalWithDomainName to false and search via LDAP for (sAMAccountName=%u). > I have to substitute my credentialToPrincipalResolver > /<bean > class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver" > > />/ > by this one : > /<bean > class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver"> > [...] > </bean>/ > Is that correct ? You have to add the CredentialsToLDAPAttributePrincipalResolver. > The SpnegoCredentialsToPrincipalResolver is used by the > SpnegoCredentialsAction and I don't know how to modify the configuration > files to change this login flow. Why do you want to change the login flow? Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
