Daniel,

We're rewriting a lot of this stuff for CAS3.5. I'd like to work with you to make sure your use case is covered in that release. Take a quick look at the trunk code base and then we can start to see how to meet your needs.

Cheers,
Scott

On Fri, Jul 2, 2010 at 9:32 AM, Daniel Almeida <[email protected]> wrote:

> Hi,
>
> Here at Instituto Superior Técnico we need to display different error
> messages for the user based not only on the global authentication
> process result, but on principal resolver result.
>
> This arises from the need to support Portuguese/European National Id
> Cards and the European eID Interoperability Platform
> (https://www.eid-stork.eu/) where citizens use their smartcards to
> perform an X.509 based authentication.
>
> The problem occurs when a user that is not previously registered on our
> systems (i.e. ldap) does the authentication correctly with his National
> Id Card, but we can't display a specific error message other than "the
> authentication failed". We would like to be able to tell the user "your
> authentication went fine, but we don't have your information registered
> on our systems" (i.e. the resolver can't find your principal).
>
> We would like to implement this feature (if possible) without changing
> CAS source code, using only its extension mechanisms, like we do with
> our custom authentication handlers.
>
> From my analysis both failed authentication and failed principal
> resolution return a BadCredentialsAuthenticationException, which doesn't
> allow us to distinguish between a bad authentication / missing principal.
>
> @ AuthenticationManagerImpl.java :
>
>     if (foundSupported) {
>         if (log.isDebugEnabled()) {
>             log.debug("CredentialsToPrincipalResolver found but no principal returned.");
>         }
>
>         throw BadCredentialsAuthenticationException.ERROR;
>     }
>
> The best solution I can think of (other than doing a principal resolve
> in an action handler...), is to add a different exception type like
> PrincipalNotFoundAuthenticationException, and handle it properly on
> login-webflow.xml, with a transition on-exception.
>
> Is this the best approach, or is there a straightforward solution for this?
>
> Thanks,
> Daniel Almeida
> System Administrator @ CIIST - Instituto Superior Técnico (Portugal)
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
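
The approach proposed in the quoted message, as an added sketch that is not part of the thread and not CAS code: every type below is a stand-in, the exception codes and view names are constructed, and PrincipalNotFoundAuthenticationException is the hypothetical type the message names. The distinct outcome is reachable only after the credential check has passed, so callers without valid credentials still get the generic failure.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Stand-in model of the flow; none of these types are the CAS classes.
public class PrincipalResolutionDemo {
    static class AuthenticationException extends Exception {
        final String code; // message key the login view would look up (constructed)
        AuthenticationException(String code) { super(code); this.code = code; }
    }
    static class BadCredentialsException extends AuthenticationException {
        BadCredentialsException() { super("demo.credentials.bad"); }
    }
    // Hypothetical type from the message: credentials valid, no principal found.
    static class PrincipalNotFoundAuthenticationException extends AuthenticationException {
        PrincipalNotFoundAuthenticationException() { super("demo.principal.notfound"); }
    }

    interface Handler { boolean authenticate(String credential); }
    interface Resolver { Optional<String> resolve(String credential); }

    // Credential check first; principal lookup only for credentials that passed.
    static String authenticate(String cred, Handler h, Resolver r)
            throws AuthenticationException {
        if (!h.authenticate(cred)) {
            throw new BadCredentialsException();
        }
        return r.resolve(cred)
                .orElseThrow(PrincipalNotFoundAuthenticationException::new);
    }

    // Stand-in for on-exception transitions: most specific type is matched first.
    static String viewFor(String cred, Handler h, Resolver r) {
        try {
            authenticate(cred, h, r);
            return "success";
        } catch (PrincipalNotFoundAuthenticationException e) {
            return "principalNotFound"; // "authenticated, but not registered"
        } catch (AuthenticationException e) {
            return "loginForm";         // generic "authentication failed"
        }
    }

    public static void main(String[] args) {
        Set<String> validCerts = Set.of("CN=alice", "CN=bob");      // constructed
        Map<String, String> directory = Map.of("CN=alice", "alice"); // constructed LDAP stand-in
        Handler h = validCerts::contains;
        Resolver r = c -> Optional.ofNullable(directory.get(c));
        for (String c : new String[] {"CN=alice", "CN=bob", "CN=mallory"}) {
            System.out.println(c + " -> " + viewFor(c, h, r));
        }
    }
}
```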
