Re: [xwiki-users] Jasig CAS authentication and users with periods in the id

Tue, 29 Mar 2016 05:13:45 -0700 

Thanks for the suggestion. Unfortunately, it looks like I will need a lot
more hand holding to figure out whether or not I can use the trusted ldap
authenticator as you suggest.

1. I found the following comment in xwiki.cfg
    #-# Used by some authenticators (like
com.xpn.xwiki.user.impl.xwiki.AppServerTrustedAuthServiceImpl)
    But I didn't find that the string anywhere else in the files in WEB-INF.
So I'm not sure if I'm using that particular
    authenticator. Is it the default? How does one select a specific
authenticator?

2. In the readme for the extension
https://github.com/xwiki-contrib/xwiki-authenticator-trusted-ldap/blob/master/README.md
    the configuration examples all seem to refer to authentication using
LDAP (and the name of the extension implies that
    it is intended for LDAP). But in my configuration, xwiki isn't talking
to LDAP - it is instead talking to a CAS server which
    in turn talks to Active Directory (using the LDAP protocol). As a
consequence, LDAP authentication is disabled in 
    xwiki.cfg. Instead my xwiki.cfg file has the following line:
        
xwiki.authentication.authclass=org.xwiki.contrib.authentication.cas.XWikiCASAuthenticator
    Is it true that this extension can be used for CAS authentication as
well as LDAP?

3. The extension appears to rely on regexp for transformation/translation of
the user ID. I inadvertently omitted one detail 
    from my description of the problem. The mapping from LDAP/CAS user ID to
xwiki ID is not as simple as replacing a 
    period with an underscore. Here, people sometimes have multiple surnames
or use a second given name in
    to a surname. As an example, my name might be 'Mark Thomas Jones Sack'.
And in xwiki I might have created a 
    user with the ID 'mark_sack'. But in Active Directory, the ID might be
'mark.thomas' or 'mark.jones'. For a mapping
    such as this from 'mark.jones' to 'mark_sack', I think I would need a
separate field (like LDAPProfileClass provides)
    instead of just a regexp expression.

Regards
Mark



--
View this message in context: 
http://xwiki.475771.n2.nabble.com/Jasig-CAS-authentication-and-users-with-periods-in-the-id-tp7598674p7598689.html
Sent from the XWiki- Users mailing list archive at Nabble.com.
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to