CAS, Spnego and the "pre Windows 2000 logon name"
Céline Aussourd
celine.aussourd at ville-chateauroux.fr
Fri May 23 12:48:58 EDT 2008
Hi,
My authentication using SPNEGO finally works :-) but I now have another
problem.
I'm working with an Active Directory with 2 logon names:
- the pre-Windows 2000 <DOMAIN>\<USERNAME1> (the <USERNAME1> is also
called sAMAccountName in LDAP)
- and the other one <username2>@<my.domain.fr> (also called
userPrincipalName in LDAP)
The problem is that my sAMAccountName is transmitted to my CAS client
whereas I would prefer my userPrincipalName...
I didn't find anything to help me. I don't even know where to search
exactly: AD config, CAS-Spnego config?
Here is an extract of my logs, perhaps it would help:
DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] -
<Action 'SpnegoCredentialsAction' beginning execution>
DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] -
<SPNEGO Authorization header found with 212 bytes>
DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] -
<Obtained token: NTLMSSPn�HL\�
DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler]
- <nextToken is null>
DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler]
- <NTLM Credentials is valid for user [MC\CA_AUSSO]>
INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
successfully authenticated the user which provided the following
credentials: MC\CA_AUSSO>
DEBUG
[org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver]
- <Attempting to resolve a principal...>
DEBUG
[org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [MC\CA_AUSSO]>
DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] -
<Unable to obtain the output token required.>
DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] -
<Action 'SpnegoCredentialsAction' completed execution; result is 'success'>
DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' beginning execution>
DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' completed execution; result is 'success'>
DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted
service ticket [ST-1-IMP2BhGBYnQozQsdxRR3-cas] for service
[http://pronostix:8080/c/portal/login] for user [MC\CA_AUSSO]>
DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
Well, we can see that MC\CA_AUSSO is successfully authenticated but I
would prefer celine.aussourd at ville-chateauroux.fr
Thanks in advance,
Regards,
Céline
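
Added example, not part of the original message and not CAS code: userPrincipalName is a separate directory attribute, so getting from the MC\CA_AUSSO principal in the log to it means looking the account up by sAMAccountName. The sketch below splits the down-level name, builds an RFC 4515-escaped LDAP filter, and resolves it against a constructed in-memory directory; the function names, SAMPLE_DIRECTORY and the UPN value are assumptions made for illustration.

```python
# Constructed sample entry standing in for Active Directory (not real data).
# The UPN mirrors the <username2>@<my.domain.fr> placeholder from the post.
SAMPLE_DIRECTORY = [
    {"sAMAccountName": "CA_AUSSO", "userPrincipalName": "username2@my.domain.fr"},
]

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it cannot change the structure of an LDAP filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_downlevel_name(principal):
    """Split 'DOMAIN\\user' into (domain, user); domain is None if absent."""
    domain, sep, user = principal.partition("\\")
    if not sep:
        return None, principal
    if not domain or not user or "\\" in user:
        raise ValueError("malformed down-level logon name: %r" % principal)
    return domain, user


def sam_filter(principal):
    """LDAP filter selecting the account behind a down-level logon name."""
    _, user = split_downlevel_name(principal)
    return "(sAMAccountName=%s)" % escape_filter_value(user)


def resolve_upn(principal, directory=SAMPLE_DIRECTORY):
    """Return the userPrincipalName of the single matching entry, else None.

    sAMAccountName is compared case-insensitively, as Active Directory does.
    An ambiguous result (more than one entry) is refused instead of guessed.
    """
    _, user = split_downlevel_name(principal)
    matches = [e for e in directory
               if e["sAMAccountName"].lower() == user.lower()]
    if len(matches) != 1:
        return None
    return matches[0]["userPrincipalName"]


if __name__ == "__main__":
    print(sam_filter("MC\\CA_AUSSO"))
    print(resolve_upn("MC\\CA_AUSSO"))
```

Against a real directory the filter string would be passed to an LDAP search and userPrincipalName read from the returned entry.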