Hi,
I have followed the manual steps: https://wiki.jasig.org/display/CASUM/X.509+Certificates

It works fine configuring deployerConfigContext.xml with

<bean class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSerialNumberPrincipalResolver">
    <property name="attributeRepository">
        <ref bean="attributeRepository" />
    </property>
</bean>

But it doesn't work if I use

<bean class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver">
    <property name="identifier" value="$SERIALNUMBER" />
    <property name="attributeRepository">
        <ref bean="attributeRepository" />
    </property>
</bean>

The following appears in the log:

2010-10-26 10:29:54,223 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /CAS
2010-10-26 10:29:54,223 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /CAS
2010-10-26 10:29:54,229 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.
2010-10-26 10:29:54,232 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service.
2010-10-26 10:29:54,246 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - Certificate found in request.
2010-10-26 10:29:54,321 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - --examining cert[133091037856105669837673331152098874953] CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES" from issuer "CN=AC RAIZ DNIE, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES"
2010-10-26 10:29:54,321 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate is valid
2010-10-26 10:29:54,323 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: true [CN=AC RAIZ DNIE, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES] against [.*OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES].
2010-10-26 10:29:54,323 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate was issued by trusted issuer
2010-10-26 10:29:54,324 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - this is a CA certificate
2010-10-26 10:29:54,326 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - --examining cert[127875069361157772077911648576111529075] CN="CARRERAS CALERO, FRANCISCO JAVIER (AUTENTICACIÓN)", GIVENNAME=FRANCISCO JAVIER, SURNAME=CARRERAS, SERIALNUMBER=40115811N, C=ES" from issuer "CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES"
2010-10-26 10:29:54,326 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate is valid
2010-10-26 10:29:54,327 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: true [CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES] against [.*OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES].
2010-10-26 10:29:54,329 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate was issued by trusted issuer
2010-10-26 10:29:54,329 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - this is an end-user certificate
2010-10-26 10:29:54,331 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: true [CN="CARRERAS CALERO, FRANCISCO JAVIER (AUTENTICACIÓN)", GIVENNAME=FRANCISCO JAVIER, SURNAME=CARRERAS, SERIALNUMBER=30954585N, C=ES] against [.*].
2010-10-26 10:29:54,332 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - cert[127875069361157772077911648576111529075] ok, setting as credentials candidate
2010-10-26 10:29:54,333 INFO [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - authentication OK; SSL client authentication data meets criteria for cert[127875069360057772077960648576222529075]
2010-10-26 10:29:54,334 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler successfully authenticated the user which provided the following credentials: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentia...@223d9b
2010-10-26 10:29:54,335 DEBUG [org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver] - Attempting to resolve a principal...
2010-10-26 10:29:54,336 INFO [org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver] - Creating principal for: CN="CARRERAS CALERO, FRANCISCO JAVIER (AUTENTICACIÓN)", GIVENNAME=FRANCISCO JAVIER, SURNAME=CARRERAS, SERIALNUMBER=40115811N, C=ES
2010-10-26 10:29:54,508 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.
2010-10-26 10:29:54,509 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service.

=====attributeRepository======

<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="dataSource" />
    <constructor-arg index="1" value="SELECT APELLIDO1,NOMBRE,NUM_DOC FROM USUARIOS WHERE {0}" />
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="num_doc" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <entry key="APELLIDO1" value="APELLIDO1" />
            <entry key="nombre" value="nombre" />
            <entry key="num_doc" value="num_doc" />
        </map>
    </property>
</bean>

Environment
==========================================
CAS 3.4.2
DB Oracle 10g Express Edition
