CAS, Spnego and the "pre Windows 2000 logon name"
Céline Aussourd
celine.aussourd at ville-chateauroux.fr
Mon May 26 06:04:04 EDT 2008
Hi,
> >
> > What's your setting of principalWithDomainName (property of
> > JCIFSSpnegoAuthenticationHandler)?
>
It's "true". That's why "MC\" appears in the user name.
> Are you sure that SPNEGO was done with Kerberos?
> Or was it done with NTLM?
>
I followed this tutorial : http://www.ja-sig.org/wiki/display/CASUM/SPNEGO
I hope I answered your question.
> Did your browser ask for username/password (not CAS' login form).
>
No, my browser didn't ask.
> What's your setting of NTLMallowed (property of
> JCIFSSpnegoAuthenticationHandler)?
>
It's "true". If I set to "false", the authentication doesn't work.
> If you want to allow SPNEGO with NTLM you could try to map the principal
> name to userPrincipalName like described here:
> http://www.ja-sig.org/wiki/display/CASUM/Attributes
>
Thanks for the idea. I'm trying.
I have to substitute my credentialToPrincipalResolver
/<bean
class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver"
/>/
by this one :
/<bean
class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
[...]
</bean>/
Is that correct ?
The SpnegoCredentialsToPrincipalResolver is used by the
SpnegoCredentialsAction and I don't know how to modify the configuration
files to change this login flow.
Céline
More information about the cas
mailing list