Certificate & Credentials sign on

Matthew Jones matthew.jones at interactivedata.com
Tue Sep 23 12:53:21 EDT 2008 

Having got CAS to work with OpenLDAP as the authentication mechanism I 
now have an additional requirement to use certificates as well - not 
instead of. The current (non-CAS) system authenticates with a username & 
password and then gets the browser to forward the E-mail address 
associated with the certificate and then compares that with the public 
certificate for the user which is also held in LDAP. Ideally, we would 
like a CAS system that requires both the certificate and the username & 
password to be validated altogether. Now, I know that the username is, 
in reality, redundant and that is a rather strange authorisation 
scenario but it's what I have to live with.

I know that CAS supports certificate based authentication but I haven't 
investigated this feature. My basic question is how easy / difficult 
would it to be to configure a CAS system that used both certificate and 
username/password based authentication? Has anyone tried anything 
remotely similar to this? If someone could could give me even a rough 
idea by tomorrow that would be great as that's when I need to answer 
some management questions! There's now talk of moving to an 
ActiveDirectory back-end instead of LDAP but I have assumed that that 
won't be a major issue. I'll be reading some of the certificate stuff 
but certainly won't have enough time to get one going before I am 
questioned.

Thanks

P.S. I am aiming to propose the use of CAS if at all possible.

-- 
Matthew Jones
Interactive Data Managed Solutions Ltd
-----------------------------------------------------------------------------------
Registered in England Company Number 3691868
Registered Office: Suite 1101 Eagle Tower | Montpellier Drive | 
Cheltenham | Gloucestershire | GL50 1TA
Tel: +44 (0)1242 694133 | Fax: +44 (0)1242 694109
matthew.jones at interactivedata.com
http://www.interactivedata-ms.com/694133
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2677 bytes
Desc: S/MIME Cryptographic Signature
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20080923/7e04b899/attachment.bin

More information about the cas mailing list