wrong x509 instructions?
Lukas Haemmerle
haemmerle at switch.ch
Mon Aug 7 11:55:34 EDT 2006
I just tried to configure CAS 3.0.5 for client AuthN, but always got an
exception when deploying the war file.
Can it be that there is an inconsistency on
http://www.ja-sig.org/products/cas/server/certs/index.html ?
Instead of
<bean class="org.jasig.cas.authentication.handler.support.X509CredentialsAuthenticationHandler">
    <property name="trustedIssuer" value="trustedIssuer" />
</bean>
It probably should be
<bean class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
    <property name="trustedIssuer" value="trustedIssuer" />
</bean>
in the authenticationHandler section.
Moreover, it would help people if it was described in greater detail how
to configure the credentialsToPrincipalResolvers (or have I just looked
at the wrong places?). E.g. the complete code snippets could be provided:
<bean class="org.jasig.cas.authentication.principal.X509CertificateCredentialsToDistinguishedNamePrincipalResolver" />
<bean class="org.jasig.cas.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver"
    [probably some params....]
/>
<bean class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSerialNumberPrincipalResolver" />
This would have helped a CAS 3.0 newbie who was used to having a
dead-simple configuration like ESUP CAS :)
Cheers
Lukas
PS: Client AuthN still is not yet working as an alternate authentication
method to LDAP, but I'm getting closer :)
--
------- SWITCH - The Swiss Education & Research Network ------
Lukas Haemmerle Security http://www.switch.ch/
SWITCH, Neumuehlequai 6, P.O. Box, CH-8021 Zurich, Switzerland
haemmerle at switch.ch Tel: +41 44 268 15 64 Fax: +41 44 253 98 98