My company is implementing a system that uses X509 certs and web services internally. The work flow would go like this:
1. CAS receives the user cert. 2. CAS extracts the DN from the cert. 3. CAS calls our webservices, supplying the DN. 4. Web services send CAS back a list of the user's groups. 5. CAS forwards on a ticket with the user and their groups to the CASified applications. Based on looking through the code, my initial reaction on how to implement this would be to... 1. write a class that implements IPersonAttributeDao and that calls our web services. 2. set the X509CertificateCredentialsToDistinguishedNamePrincipalResolver bean to use our class that implements IPersonAttributeDao. 3. use the X509CertificateCredentialsToDistinguishedNamePrincipalResolver to extract the DN from the user cert. Is this the process that CAS would expect? Thanks, Mike -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
