On Tue, Mar 29, 2016 at 4:12 PM, Mark Sack <mark.s...@secti.al.gov.br> wrote:
> My bad. I am indeed using the extension
> http://extensions.xwiki.org/xwiki/bin/view/Extension/Authenticator+Jasig+CAS
> <http://extensions.xwiki.org/xwiki/bin/view/Extension/Authenticator+Jasig+CAS>
> I just assumed this extension would be the only choice for CAS
> authentication. So I didn't explicitly mention it.
> The CAS server has its own login page (at least in the Ruby implementation
> that I am using). That server takes the ID and password entered on the login
> page and passes it through to whatever service(s) (LDAP, database, etc.) it
> is configured to authenticate against. The real value of CAS is that it
> remembers the user's login status and doesn't ask the user to
> re-authenticate if he wants to log in to to a different app but already has
> a status of logged in. Since CAS is intended to handle login requests from
> multiple applications, it isn't really the right place to do a mapping of
> user IDs such as that required specifically by xwiki.
> I'll continue to poke around for alternatives but it appears that, since my
> programming skills aren't very deep, I'll need to fall back to recreating
> the users.
> In the long term, I can see two alternative enhancements to prevent users
> from getting into this predicament:

> - remove the restriction that xwiki user IDs cannot contain periods (which I
> understand from previous posts is difficult and not on the list of
> priorities)

The last blockers for this are http://jira.xwiki.org/browse/XWIKI-5149
and http://jira.xwiki.org/browse/XWIKI-5174 as far as I remember but
yes nobody is actively working on it..

> - enhance the xwiki Jasig CAS extension to provide a mapping capability
> similar to that of LDAPProfileClass (this would depend on the maintainer of
> the extension, I suppose).

You could create an improvement or new feature issue for this on
http://jira.xwiki.org/browse/AUTHCAS to keep track of it since it will
probably get lost in the mailing list.

> All of this is just my two cents worth. I can understand why fixing this
> issue would not be a high priority since, in any system with a large number
> of users, the users would not be created manually as I have done. I also
> have the option of setting the system to create users when they first log
> in, thus avoiding the problem when adding new users in future. (For now, I
> need the database nicely populated to demonstrate its utility to the user
> community and can't rely on them all logging in first.)
> Thanks for your help in investigating the issue.
> Regards
> Mark
> --
> View this message in context: 
> http://xwiki.475771.n2.nabble.com/Jasig-CAS-authentication-and-users-with-periods-in-the-id-tp7598674p7598696.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users

Thomas Mortagne
users mailing list

Reply via email to