Could you send me the source of your "mywebapp" sample I want to test it with my cas server with is not on the localhost?
Thanks Regards ----- Message d'origine ---- De : Michael Ströder <[EMAIL PROTECTED]> À : Yale CAS mailing list <[email protected]> Envoyé le : Jeudi, 29 Mai 2008, 23h53mn 15s Objet : Re: CAS, Spnego and the "pre Windows 2000 logon name" Céline Aussourd wrote: >>> What's your setting of principalWithDomainName (property of >>> JCIFSSpnegoAuthenticationHandler)? >> > It's "true". That's why "MC\" appears in the user name. >> What's your setting of NTLMallowed (property of >> JCIFSSpnegoAuthenticationHandler)? >> > It's "true". If I set to "false", the authentication doesn't work. Then you don't authenticate with Kerberos. NTLM is used. That leads to the name form NETBIOSDOMAIN/sAMAccountName. >> If you want to allow SPNEGO with NTLM you could try to map the principal >> name to userPrincipalName like described here: >> http://www.ja-sig.org/wiki/display/CASUM/Attributes >> > Thanks for the idea. I'm trying. Maybe set principalWithDomainName to false and search via LDAP for (sAMAccountName=%u). > I have to substitute my credentialToPrincipalResolver > /<bean > class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver" > > />/ > by this one : > /<bean > class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver"> > [...] > </bean>/ > Is that correct ? You have to add the CredentialsToLDAPAttributePrincipalResolver. > The SpnegoCredentialsToPrincipalResolver is used by the > SpnegoCredentialsAction and I don't know how to modify the configuration > files to change this login flow. Why do you want to change the login flow? Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas __________________________________________________ Do You Yahoo!? En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités http://mail.yahoo.fr Yahoo! Mail _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
