Hi,
I have a CAS server and I want to use the X.509 certificate connector.
The purpose is to be able to authenticate with two X.509 certificates:
- one where the CN parameter is extracted from the subject of the certificate
- and one where the UID parameter is extracted from the subject of the certificate.
I configured an authentication manager in deployerConfigContext.xml (see the
attached file), but this manager doesn't work: only the first X.509 resolver
declared in deployerConfigContext.xml is used.
I want to know if it's possible to use two resolvers for X.509 certificates.
Thanks for your help.
Regards
<!--
  Authentication manager that takes a map of handler to principal resolver
  (the "linkedHandlers" constructor argument), so every authentication handler
  is paired with exactly one resolver.

  NOTE(review): the resolver is chosen through the handler it is linked to, not
  through the certificate contents. If two X.509 handlers accept the same
  certificates, the first one that accepts wins and only its resolver runs,
  which would match the behaviour reported for this file. Confirm against the
  CAS release in use.
-->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager">
  <constructor-arg name="linkedHandlers"
                   ref="authenticationHandlersAndPrincipalResolversMap"/>
</bean>
<!--
  X.509 client-certificate handler, referenced by the active
  <entry key-ref="certHandler"> of the handler/resolver map.

  trustedIssuerDnPattern: regular expression the issuer DN must match. The value
  comes from the x509.issuer.filter property, which is not shown here; keep it
  anchored to the exact issuing CA DN(s), because a loose pattern widens the set
  of issuers whose certificates can log in.

  maxPathLengthAllowUnspecified=true: CA certificates without a path length
  constraint are accepted. Set it to false if the PKI always sets the
  constraint, so an unconstrained intermediate CA is rejected.

  NOTE(review): this bean and "certH-cims" have identical settings, so both
  accept the same certificates. To route CN-based and UID-based certificates to
  different resolvers, the two handlers need different acceptance rules (for
  example a distinct issuer pattern, or subjectDnPattern on each handler).
-->
<bean id="certHandler"
      class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
  <property name="trustedIssuerDnPattern" value="${x509.issuer.filter}"/>
  <property name="maxPathLengthAllowUnspecified" value="true"/>
</bean>
<!--
  Second X.509 client-certificate handler, configured exactly like
  "certHandler" (same issuer pattern property, same path length setting).

  NOTE(review): no active entry of authenticationHandlersAndPrincipalResolversMap
  references this bean; the commented-out entry there uses key-ref="certH-1",
  an id that is not defined in this fragment. Even once it is wired in, it
  accepts the same certificates as "certHandler", so whichever of the two is
  declared first in the map would handle every certificate. Give this handler
  its own acceptance rule (distinct trustedIssuerDnPattern or a
  subjectDnPattern) if it is meant to serve a different certificate population.

  maxPathLengthAllowUnspecified=true accepts CA certificates that carry no path
  length constraint; prefer false where the PKI sets the constraint.
-->
<bean id="certH-cims"
      class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
  <property name="trustedIssuerDnPattern" value="${x509.issuer.filter}"/>
  <property name="maxPathLengthAllowUnspecified" value="true"/>
</bean>
<!--
  Username/password handler that authenticates by binding to LDAP.
  The entry is located with the filter (cn=%u) under the search base taken from
  the ldap.cnx.searchdn property; %u stands for the submitted username.

  NOTE(review): the two context sources are defined outside this fragment.
  Since user passwords travel over that connection for the bind, confirm that
  they use LDAPS or StartTLS.
-->
<bean id="ldapHandler"
      class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="(cn=%u)"/>
  <property name="searchBase" value="${ldap.cnx.searchdn}"/>
  <property name="contextSource" ref="contextSource"/>
  <property name="searchContextSource" ref="pooledContextSource"/>
</bean>
<!--
  Handler to resolver map consumed by the authentication manager.
  Each <entry> keys one authentication handler bean to the resolver that turns
  its credentials into a principal. A util:map without a map-class keeps
  declaration order by default, so entries are visited top to bottom.

  Active entries: "certHandler" (X.509, subject UID) and "ldapHandler"
  (username/password). The CN-based X.509 entry is commented out.
-->
<util:map id="authenticationHandlersAndPrincipalResolversMap">

  <!--
    Disabled entry: X.509 subject CN, then LDAP lookup on cn.
    NOTE(review): its key-ref "certH-1" does not match any handler id in this
    fragment (the second X.509 handler is declared as "certH-cims"); the
    reference must point at an existing bean before this entry can be enabled.
  -->
  <!--<entry key-ref="certH-1">
    <bean
        class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <property name="credentialsToPrincipalResolver">
        <bean
            class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSubjectPrinciplalResolver">
          <property name="descriptor" value="$CN"/>
        </bean>
      </property>
      <property name="filter" value="(cn=%u)"/>
      <property name="principalAttributeName" value="cn"/>
      <property name="searchBase" value="${ldap.cnx.searchdn}"/>
      <property name="contextSource" ref="contextSource"/>
    </bean>
  </entry>-->

  <!--
    X.509 entry: the inner resolver builds an identifier from the UID field of
    the certificate subject; the outer resolver then searches LDAP with it and
    uses the entry's cn attribute as the principal id.
    NOTE(review): the extracted UID value is substituted into (cn=%u), i.e. it
    is matched against cn rather than uid. Confirm this is intended; if the
    directory stores it under a different attribute the lookup finds no entry
    (or a different one) and the principal is not the certificate owner.
  -->
  <entry key-ref="certHandler">
    <bean
        class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <property name="credentialsToPrincipalResolver">
        <bean
            class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSubjectPrinciplalResolver">
          <property name="descriptor" value="$UID"/>
        </bean>
      </property>
      <property name="filter" value="(cn=%u)"/>
      <property name="principalAttributeName" value="cn"/>
      <property name="searchBase" value="${ldap.cnx.searchdn}"/>
      <property name="contextSource" ref="contextSource"/>
    </bean>
  </entry>

  <!--
    Username/password entry: the submitted username is resolved first, then
    looked up in LDAP with (cn=%u).
  -->
  <entry key-ref="ldapHandler">
    <bean
        class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <property name="credentialsToPrincipalResolver">
        <bean
            class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
          <property name="attributeRepository" ref="attributeRepository"/>
        </bean>
      </property>
      <property name="filter" value="(cn=%u)"/>
      <!-- The attribute used to define the new Principal ID -->
      <property name="principalAttributeName" value="cn"/>
      <property name="searchBase" value="${ldap.cnx.searchdn}"/>
      <property name="contextSource" ref="contextSource"/>
    </bean>
  </entry>

</util:map>