Hi Marvin, Thanks for the advice. It's very wellcome!! I have all the configuration almost ready :)
Best regards, Ricardo --- Salut, ==================================== Ricardo Borillo Domenech ~ @borillo http://xml-utils.com On Fri, Mar 7, 2014 at 1:09 PM, Marvin Addison <marvin.addi...@gmail.com> wrote: >> Now, we need to add X509 based authentication. The idea is that the >> user will be able to choose between regular LDAP auth with login/pass >> or X509 certificate. > > It's supported and we have used it production for several years. I > would _strongly_ recommend that you configure your container for > optional client auth so that you can gracefully handle "certificate > not found" situations with server-side error messages; otherwise > you're in the land of very unfriendly client-side "cannot negotiate > SSL connection" messages which typically baffle users. Other than that > it's simply a matter of defining the authentication handlers and > principal resolvers in CAS, UI changes, and possibly some webflow > tweaks to handle login form selection and error conditions. > > M > > -- > You are currently subscribed to cas-user@lists.jasig.org as: bori...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
