On Mon, Mar 28, 2016 at 3:53 PM, Mark Sack <mark.s...@secti.al.gov.br> wrote: > I have successfully configured our xwiki site to use LDAP authentication > against Active Directory. The convention for the user IDs in our Active > Directory is to use a period to separate the given name and surname as in > mark.sack. I added the LDAPProfileClass object to the user profiles to map > the Active Directory IDs to the internal wiki ones. I had created the users > before implementing the Active Directory authentication with the convention > of an underscore in between the given name and the surname. > > Now I would like to implement a single signon solution for all of our > applications and have set up a CAS server to authenticate against Active > Directory. The authentication works fine but the CAS authentication in xwiki > seems to simply strip out the period in the Active Directory ID instead of > mapping to the existing user. I observed the following behaviour: > - in xwiki.cfg, if I set xwiki.authentication.cas.create_user to 1 and login > as mark.sack (with my Active Directory password), the login is successful. > But xwiki creates a new user with id marksack instead of mapping to the > existing mark_sack user (mark_sack has the LDAPProfileClass set to > mark.sack). > - in xwiki.cfg, if I set xwiki.authentication.cas.create_user to 0 and login > as mark.sack, the login fails with a message that to the effect that the > user does not exist. > > How could I achieve the mapping of xwiki users to Active Directory for CAS > authentication?
You did not say which authenticator you are using with CAS. If its AppServerTrustedAuthServiceImpl then you should try http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Trusted+LDAP instead. > > Our system is relatively small (about 40 users so far) and has not yet > really been rolled out to the user community. So if need be, I could create > new xwiki users following the convention required by xwiki (no character > between the given name and surname). But I would prefr to avoid that if I > can. > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/Jasig-CAS-authentication-and-users-with-periods-in-the-id-tp7598674.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
