[cas-dev] Decoupling CAS' AuthN and Ticketing (Was Re: SPNEGO)

[Scott Battaglia]

We don't have that documentation available yet.  I can give a high level 
overview:

1.  You'll need to configure 
org.jasig.cas.adaptors.trusted.authentication.handler.support.PrincipalBearingCredentialsAuthenticationHandler 
as an authentication handler (no properties)

2.  You'll need to configure 
org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredentialsToPrincipalResolver 
as a CredentialsToPrincipalResolver (no properties)

And then depending on whether you expect the user to be in the remote 
user or the UserPrincipal part of the request, you would need to enable 
one of the web.flow classes in your cas-servlet.xml (there are examples 
in there) and then add it to the login-flow.xml (you can probably follow 
the X.509 example).

-Scott

Stephen A. Cochran wrote:
> (switching this to the user's list since it's a config question)
>
> Is the setup of the trusted principal documented anywhere? I have our  
> production server configured to use SPNEGO for some test directories,  
> and I'm at the point where I'd like to have CAS trust the RemoteUser  
> if it's set.
>
> Steve Cochran
>
> On Feb 24, 2006, at 6:38 PM, Scott Battaglia wrote:
>
>   
>> I've refactored the RemoteUser support to use the
>> AbstractNonInteractiveCredentialsAction to retrieve the remote user
>> (rather than a CredentialsBinder which really only applies to the
>> AuthenticationViaForm action).
>>
>> I also adjusted the PrincipalBearingCredentials to never allow
>> instantiation without a trusted principal. Finally, I moved the
>> PrincpalBearing* into the remote user adaptor as that seemed like the
>> only place they'd be used.
>>
>> If any of these assumptions are wrong, let me know so we can back  
>> out of
>> them :-D
>>     
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>