-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jul 9, 2008 at 2:35 PM, Brodie Rao <[EMAIL PROTECTED]> wrote:

> I'm using CAS server 3.2.1 with an LDAP server and I'd like to have it
> use a different attribute for finding the principal ID for Google Apps
> SAML requests. Is it possible to configure the CAS server to send a
> different principal ID for SAML requests? More specifically, I want it
> to return the mailNickname LDAP attribute for Google Apps, and
> sAMAccountName for any other request (which is the attribute queried on
> by the LDAP authentication handler).

In general it's very difficult to swap the id attribute for one name. One of the general assumptions is a canonical username ;-) Especially since authentication/principal resolution is only done whenever credentials are supplied.

You could probably write your own Service object that does the lookup when a SAML2 service is created and do it that way if you wanted. You could base it off the GoogleAccountsService that already exists and configure that instead of the normal one.

> If that's not possible, is it possible to configure a second instance of
> the CAS server mounted at a different URL that shares the same ticket
> store as the first server? That way I could point Google Apps to that
> second instance, and keep existing applications pointed at the first
> instance.

CAS can share ticket stores. We've got a few options including JBossCache, MemCache, and Terracotta. The last two will be as of 3.3.

-Scott

> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
