> I am not sure why Ellucian did not make use of a key-ref, but there it is. > I think an explanation of why attribute filters are defined in both places > would be of great help to me .. this has always been murky in my > understanding.
I've read your original post a couple times and I'm not entirely clear on the use case. I do understand, however, the need for LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager and key-ref in your case. That component is needed whenever you have two credential classes of the same type (UsernamePasswordCredentials are used to authenticate to both SunDS and AD) but you need different principal resolution methods. The solution is to switch on the authentication handler, by reference, that successfully authenticated the credentials. Thus the reference (key-ref) to the authentication handler. You're using the authentication handler to select the principal resolver that refers to the same directory that authenticated the user. M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user