[cas-dev] CredentialsToPrincipalResolvers
Stephen A. Cochran
stephen.a.cochran at Dartmouth.EDU
Wed Jan 31 12:41:03 EST 2007
I need to add an additional check to our X509 flow, basically
checking to make sure the username in the cert hasn't expired from
our LDAP server.
I could modify the AuthenticationHandler itself, but right now I'm
already using the stock one and the less I modify the better obviously.
I have a custom X509CredentialsToPrincipalResolvers which creates a
DartmouthPrincipal object. Either of those classes could do the
check. My question is can a failure in one of those classes "trickle
back" and cause the same flow that a failure in the AuthHandler
itself would cause?
Thanks,
Steve
More information about the cas-dev
mailing list