Hi Álvaro,

Thank you very much for your help. I will review your recommendations and let you know :)

---
Regards,
====================================
Ricardo Borillo Domenech ~ @borillo
http://xml-utils.com

On Fri, Mar 7, 2014 at 9:23 AM, Reig Gonzalez, Alvaro <alvaro.r...@inap.es> wrote:
> Hi Ricardo,
>
> I have both authentications enabled in my setup (along with kerberos). I
> don't have any docs, but if you get into dead ends I can look in my setup
> and try to help you out.
>
> First, I have an X509CertificateLDAPEntryMapperResolverConfig bean inside my
> credentialsToPrincipalResolvers:
>
> <bean class="REPLACED.REPLACED.cas.X509CertificateLDAPEntryMapperResolver"
>       p:contextSource-ref="contextSource"
>       p:base="dc=REPLACED,dc=REPLACED">
>
> Inside that bean I have some configuration about the ACs whose x509v3
> certificate I allow my users to present, along with a
> X509CertificateLDAPEntryMapperResolverConfig
>
> <property name="config">
>   <list>
>     <bean class="REPLACED.REPLACED.inap.cas.X509CertificateLDAPEntryMapperResolverConfig">
>       <property name="description">
>         <value>FNMT</value>
>       </property>
>       <property name="lookupRegex">
>         <value><![CDATA[.*FNMT.*]]></value>
>       </property>
>       <property name="nifRegex">
>         <value><![CDATA[(?<=NIF )(.*?)(?=\,)]]></value>
>       </property>
>       <property name="cnRegex">
>         <value><![CDATA[(?<=cn\=)(.*?)(?=\,)]]></value>
>       </property>
>     </bean>
>     <bean class="REPLACED.REPLACED.inap.cas.X509CertificateLDAPEntryMapperResolverConfig">
>       <property name="description">
>         <value>Camerfirma</value>
>       </property>
>       <property name="lookupRegex">
>         <value><![CDATA[.*AC CAMERFIRMA.*]]></value>
>       </property>
>       <property name="nifRegex">
>         <value><![CDATA[(?<=- )(.*?)(?=\,)]]></value>
>       </property>
>       <property name="cnRegex">
>         <value><![CDATA[(?<=cn\=)(.*?)(?=\,)]]></value>
>       </property>
>     </bean>
>     <bean class="REPLACED.REPLACED.inap.cas.X509CertificateLDAPEntryMapperResolverConfig">
>       <property name="description">
>         <value>Firmaprofessional</value>
>       </property>
>       <property name="lookupRegex">
>         <value><![CDATA[.*AC Firmaprofesional.*]]></value>
>       </property>
>       <property name="nifRegex">
>         <value><![CDATA[(?<=DNI )(.*?)(?=\,)]]></value>
>       </property>
>       <property name="cnRegex">
>         <value><![CDATA[(?<=cn\=)(.*?)(?=\,)]]></value>
>       </property>
>     </bean>
>     <bean class="REPLACED.REPLACED.inap.cas.X509CertificateLDAPEntryMapperResolverConfig">
>       <property name="description">
>         <value>DNI Electrónico</value>
>       </property>
>       <property name="lookupRegex">
>         <value><![CDATA[.*DIRECCION GENERAL DE LA POLICIA.*]]></value>
>       </property>
>       <property name="nifRegex">
>         <value><![CDATA[(?<=SERIALNUMBER\=)(.*?)(?=\,)]]></value>
>       </property>
>       <property name="cnRegex">
>         <value><![CDATA[(?<=cn\=)(.*?)(?=\,)]]></value>
>       </property>
>     </bean>
>   </list>
> </property>
>
> Then you have to set up your login-webflow.xml to establish the priority of
> your auth sources. In my case, it was x509v3 and then user/password.
>
> In my case I used the Spanish ID (DNI) to link an x509v3 certificate to an
> openldap user (which has an EmployeeNumber).
>
> Good luck, regards.
>
> Álvaro Reig González
> Technical Advisor
> IT - Management
> Instituto Nacional de Administración Pública
>
> alvaro.r...@inap.es
> www.inap.es
>
> -----Original Message-----
> From: Ricardo Borillo [mailto:bori...@gmail.com]
> Sent: Friday, March 07, 2014 8:58
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Mixed auth: LDAP with user/pass + X509
>
> Hi guys,
>
> We have an up & running installation of CAS 3.5 with LDAP auth. Thanks for
> such a great tool :)
>
> Now, we need to add X509 based authentication. The idea is that the user will
> be able to choose between regular LDAP auth with login/pass or X509
> certificate.
>
> Is this supported by CAS? I have reviewed the main docs, but I only have seen
> a description for one or another system, but not both. Is there any
> documentation of this use case?
>
> Thanks again!!!!
>
> ---
> Regards,
> ====================================
> Ricardo Borillo Domenech ~ @borillo
> http://xml-utils.com

--
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
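
The per-CA regexes in the quoted configuration can be exercised offline before they are trusted to map a certificate to an LDAP entry. The following is an added example, not code from the thread or from CAS: it assumes `lookupRegex` is matched against the issuer DN and `nifRegex`/`cnRegex` are searched in the subject DN (the custom resolver class is not shown on the page), uses Python's `re` in place of `java.util.regex`, and the `resolve` function and all DNs are constructed for illustration.

```python
import re

# Regexes copied from the four X509CertificateLDAPEntryMapperResolverConfig
# entries quoted above: description -> (lookupRegex, nifRegex).
CN_REGEX = r"(?<=cn\=)(.*?)(?=\,)"  # cnRegex is identical in all four entries
CA_CONFIGS = {
    "FNMT": (r".*FNMT.*", r"(?<=NIF )(.*?)(?=\,)"),
    "Camerfirma": (r".*AC CAMERFIRMA.*", r"(?<=- )(.*?)(?=\,)"),
    "Firmaprofessional": (r".*AC Firmaprofesional.*", r"(?<=DNI )(.*?)(?=\,)"),
    "DNI Electrónico": (r".*DIRECCION GENERAL DE LA POLICIA.*",
                        r"(?<=SERIALNUMBER\=)(.*?)(?=\,)"),
}


def resolve(issuer_dn, subject_dn):
    """Return (description, nif, cn), or None when no identifier is extracted.

    Assumption: lookupRegex is matched in full against the issuer DN and the
    other two regexes are searched in the subject DN.
    """
    for description, (lookup, nif_regex) in CA_CONFIGS.items():
        if not re.fullmatch(lookup, issuer_dn):
            continue
        nif = re.search(nif_regex, subject_dn)
        if nif is None or not nif.group(1).strip():
            return None  # fail closed: never query LDAP with an empty key
        cn = re.search(CN_REGEX, subject_dn)
        return description, nif.group(1), cn.group(1) if cn else None
    return None  # issuer not covered by any configured entry


# Constructed DNs (not taken from real certificates).
FNMT_ISSUER = "ou=FNMT Clase 2 CA,o=FNMT,c=ES"
DNIE_ISSUER = "cn=AC DNIE 001,o=DIRECCION GENERAL DE LA POLICIA,c=ES"
SAMPLES = {
    "normal": (FNMT_ISSUER, "cn=GARCIA LOPEZ JUAN - NIF 00000000T,o=FNMT,c=ES"),
    "uppercase CN": (FNMT_ISSUER, "CN=GARCIA LOPEZ JUAN - NIF 00000000T,O=FNMT,C=ES"),
    "escaped comma in CN": (DNIE_ISSUER,
                            "cn=GARCIA LOPEZ\\, JUAN,SERIALNUMBER=00000000T,c=ES"),
    "NIF is last RDN": (DNIE_ISSUER, "cn=JUAN GARCIA,c=ES,SERIALNUMBER=00000000T"),
    "unknown issuer": ("cn=Example CA,c=ES", "cn=JUAN GARCIA - NIF 00000000T,c=ES"),
}

if __name__ == "__main__":
    for name, (issuer, subject) in SAMPLES.items():
        print(f"{name:22} -> {resolve(issuer, subject)}")
```

The edge cases show where these patterns depend on how the DN is serialized: an uppercase `CN=` yields no common name, an escaped comma truncates it, and an identifier in the last RDN is not found because the lookahead requires a trailing comma.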