> Someone is using the WebAuthenticationFilter to authenticate the JBoss EJB
> Container?

Yes.

> I have configured it as in:
> https://wiki.jasig.org/display/CASC/JAAS+Integration

I wrote that up according to our use case.

> All is working successfully except I want to access the authenticated
> username in the ejb layer. And when I call context.getCallerPrincipal() I
> get the service parameter instead.

I'm a little surprised since CasLoginModule returns an AssertionPrincipal as the first principal of the authenticated subject. Then again, we deliberately use the service as the username credential for login.

> The problem could be WebAuthenticationFilter in the line:
> log.debug("Attempting CAS ticket validation with service=" + service + " and ticket=" + ticket + " " + request.getRemoteUser());
> if (!new WebAuthentication().login(service, ticket)) {

No problem here. Use of the service for authentication is indeed by design. A CAS client doesn't have a username until _after_ it validates the ticket, so there's absolutely no other option.

The problem you describe sounds like https://community.jboss.org/thread/161436. I'm fairly certain it's possible to do what you need, although possibly not via EJBContext. The security APIs of JBoss are changing so fast I can't keep up. In any case we have CasLoginModule working to our satisfaction in an EJB webapp, though I can't say for sure we are doing what you want. Hopefully the thread I cited above will point you in the right direction.

Keep in touch -- I'd like to know whether or not you get it working.

M
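
Added example, not part of the original message and not CAS client or JBoss code: a stand-in JAAS login module illustrating the design described above, where the service URL fills the username slot at login and the real user only appears as a Subject principal after the ticket is validated. `TicketLoginModule`, `UserPrincipal`, the ticket table and the service URL are all hypothetical.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Java 17+. Stand-in module, NOT CasLoginModule; all names and values here are constructed.
public class ServiceTicketLoginDemo {
    // Constructed ticket table standing in for validation against the CAS server.
    static final Map<String, String> TICKETS = Map.of("ST-1-constructed", "alice");
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }

    public static class TicketLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback service = new NameCallback("service");  // the "username" slot carries the service URL
            PasswordCallback ticket = new PasswordCallback("ticket", false);
            try { handler.handle(new Callback[] { service, ticket }); } catch (Exception e) { throw new LoginException(e.toString()); }
            user = TICKETS.get(new String(ticket.getPassword()));  // the user is known only after validation
            if (user == null) throw new FailedLoginException("ticket rejected for " + service.getName());
            return true;
        }
        public boolean commit() { subject.getPrincipals().add(new UserPrincipal(user)); return true; }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof UserPrincipal); return true; }
    }

    static Subject login(String service, String ticket) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(TicketLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        LoginContext lc = new LoginContext("demo", null, cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback n) n.setName(service);
                else if (cb instanceof PasswordCallback p) p.setPassword(ticket.toCharArray());
            }
        }, cfg);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        String service = "https://app.example.org/secure";  // constructed service URL
        Subject s = login(service, "ST-1-constructed");
        String user = s.getPrincipals(UserPrincipal.class).iterator().next().getName();
        System.out.println("login name = " + service + ", subject principal = " + user);
    }
}
```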