x509 authentication AND a user repository

Scott Battaglia scott_battaglia at rutgers.edu
Wed Jun 21 08:44:33 EDT 2006 

If you log a JIRA issue for this, I'll have it fixed for RC2 (which my 
plan is to get out later today or early tomorrow).

-Scott

Velpi wrote:
>> Since you have your complete list of users in your user repository you 
>> could use the Authentication Handlers unmodified (just limiting using 
>> the subject DN) and then use the custom CredentialsToPrincipalsResolver 
>> to turn the credentials into a Principal (and returning null if none can 
>> be found).
>>     
> After building this, I had to modify 
> AbstractX509CertificateCredentialsToPrincipalResolver so it can also handle a 
> "null" principal, but it seems all classes cannot handler returning null in 
> stead of a principal (see included log). [I'm building on CAS 3.0.5-RC1]
>
>
> Any other ideas? [meanwhile I'll keep looking]
>
>
>
> 13:19:36,852 [http-8443-Processor25] INFO  Principal was not found in LDAP, 
> returning null - 
> org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToLDAPAttributePrincipalResolver 
>
>
> 13:19:36,852 [http-8443-Processor25] INFO  Principal could not be resolved, 
> returning null - 
> org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToLDAPAttributePrincipalResolver 
>
>
> 13:19:36,892 [http-8443-Processor25] ERROR Servlet.service() for servlet cas 
> threw exception - 
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]
> java.lang.IllegalArgumentException: principal cannot be null
> 	at org.springframework.util.Assert.notNull(Assert.java:117)
> 	at 
> org.jasig.cas.authentication.AbstractAuthentication.<init>(AbstractAuthentication.java:31)
> 	at 
> org.jasig.cas.authentication.MutableAuthentication.<init>(MutableAuthentication.java:32)
> 	at 
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:114)
> 	at 
> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:282)
> 	at 
> org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction.doExecuteInternal(AbstractNonInteractiveCredentialsAction.java:68)
> 	at 
> org.jasig.cas.web.flow.AbstractLoginAction.doExecute(AbstractLoginAction.java:63)
> 	at 
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:217)
>
>
> --Velpi
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>

More information about the cas mailing list