On Tue, Oct 14, 2008 at 10:10 AM, Matthew Jones < [EMAIL PROTECTED]> wrote:
> Hi Scott,
>
> Finally getting back to this.
>
>> You can transition to an error screen on error, you'll just need to write
>> one :-)
>>
>> Re-thinking it, here's what I actually would probably recommend:
>> 1. Extend UsernamePasswordCredentials to include a Certificate (i.e. create
>> CertificateAndUsernamePasswordCredentials)
>
> O.K that shouldn't be too hard
>
>> 2. Create a CredentialsBinder class that can obtain the certificate from the
>> Request and call
>> certificateAndUsernamePasswordCredentials.setCertificate(certificate)
>
> Presumably, there is somewhere code that does the obtaining of the
> certificate and maybe even storing it in a credentials object. Is that code
> anywhere obvious?

http://developer.ja-sig.org/source/browse/jasigsvn/cas3/branches/cas-3-2_maintenance/cas-server-support-x509/src/main/java/org/jasig/cas/adaptors/x509/web/flow/X509CertificateCredentialsNonInteractiveAction.java?r=43968

>> 3. Create a delegating AuthenticationHandler (or a custom
>> AuthenticationManager) that will essentially call both the Ldap handler and
>> something you write to validate the certificate.
>
> I would hope that I could extend the LDAP handler as I can use the E-mail
> address from the certificate to match the appropriate entry in LDAP. Does
> that sound sensible?

You should be able to. But if you want to actually validate the certificate you may need to do some additional work (see the example existing X.509 handlers)

>> 4. Configure everything in the Spring XML configuration.
>
> O.K. That's straight forward right?

If you can configure the existing handlers you can configure any new one.

>> 5. Everything else should work like magic :-)
>
> That would indeed be magic!

And when I say work like magic, that usually means at a minimum on the second attempt because there's always that missing > in the XML config ;-)

-Scott

> Thanks
>
> --
> Matthew Jones
> Interactive Data Managed Solutions Ltd
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
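
The delegating handler from steps 1 and 3 above, as an added Java example that is not CAS code and not code from either poster. The class names and the two LDAP callbacks are assumptions standing in for the existing LDAP handler; the example matches only the rfc822Name subjectAltName and assumes the certificate chain is validated elsewhere (TLS layer or a separate PKIX check).

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.function.BiPredicate;
import java.util.function.Function;

/** Stand-in for the thread's CertificateAndUsernamePasswordCredentials (hypothetical). */
class CertAndPasswordCredentials {
    String username;
    String password;
    X509Certificate certificate;
}

/** Delegating check: password AND certificate must both pass and must name the same user. */
class CertAndPasswordHandler {
    private final BiPredicate<String, String> ldapBind;    // assumed: wraps the existing LDAP handler
    private final Function<String, String> ldapMailLookup; // assumed: username -> mail attribute, or null

    CertAndPasswordHandler(BiPredicate<String, String> ldapBind, Function<String, String> ldapMailLookup) {
        this.ldapBind = ldapBind;
        this.ldapMailLookup = ldapMailLookup;
    }

    boolean authenticate(CertAndPasswordCredentials c) {
        // Fail closed when either factor is missing; never fall back to password-only.
        if (c == null || c.certificate == null || c.username == null || c.password == null) return false;
        if (c.password.isEmpty()) return false; // an empty password can succeed as an unauthenticated LDAP bind
        try {
            c.certificate.checkValidity(); // validity period only; chain trust is assumed checked elsewhere
            String mail = ldapMailLookup.apply(c.username);
            // Tie the certificate to the same LDAP entry the password is checked against.
            return mail != null && certHasEmail(c.certificate, mail) && ldapBind.test(c.username, c.password);
        } catch (CertificateException e) {
            return false; // expired, not yet valid, or unparsable extension
        }
    }

    /** True if the certificate carries the address as an rfc822Name subjectAltName (type 1). */
    static boolean certHasEmail(X509Certificate cert, String mail) throws CertificateException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans == null) return false;
        for (List<?> san : sans) {
            if (Integer.valueOf(1).equals(san.get(0)) && mail.equalsIgnoreCase(String.valueOf(san.get(1)))) return true;
        }
        return false;
    }
}
```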
