> Is there a solution in CAS (version 3.4.5) to remove the lower case and take > the exactly login type in browser? Or a solution to modify the attribute > sensisivity in Active Directory?
I would argue that it's a best practice to treat the value as it appears in the authentication store as authoritative, whatever the case may be, and that the value should be used as-is from the store and not as the user typed it. The typical flow is to optionally lowercase the username at CAS and then use the value exactly as it's returned from the directory as the principal. I can't speak to modifying attribute case behavior in AD specifically, but I'm aware that schema changes in AD are typically difficult and risky. Alternatively, you might consider a policy where you lowercase the value returned from the directory so that it appears to clients that the value is always lowercase. You could potentially write a custom CredentialToPrincipalResolver that preserves the case of the principal to exactly what the user provided, but it seems to me that risks creating new problems when other services come online that may have a different recorded case from the authoritative value in the directory. At that point there is no single value that works in all services and you're forced to make services agree with the authoritative value in the directory. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
