REST authn with X.509


Petr Gašparík - AMI Praha a.s.

Apr 14, 2021, 8:48:41 AM
to CAS Community
Hi,
we use X.509 authentication on the REST interface of Apereo with an LDAP repository for attribute fetching (X509CredentialsAuthenticationHandler).
In general, it works, but we have trouble getting special attributes: nsRole, nsRoleDN and dn.

When the REST interface of Apereo is called with username/password (LdapAuthenticationHandler), we get everything we need.

It is the same service, and cas.authn.ldap[0].* for username/password (uid={user}) and cas.authn.attributeRepository.ldap[0].* for certificate (certsn={user}) have the same configuration.

Does that ring a bell for anyone?

Thank you in advance, Petr

Petr Gašparík - AMI Praha a.s.

Apr 14, 2021, 11:24:20 AM
to CAS Community, Petr Gašparík - AMI Praha a.s.
Solved.
Attributes need to be defined in the attribute resolution configuration - if nothing is used, then all attributes are fetched EXCEPT for some (e.g. operational).

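The fix described in the thread, sketched as a CAS properties fragment. This is an added example, not the poster's configuration: the LDAP URL, base DN, the uid entry and the released attribute names are assumptions. It covers nsRole and nsRoleDN only.

```properties
# Added example: attribute repository used for the X.509 flow.
# ldapUrl and baseDn are placeholders, not values from the thread.
cas.authn.attributeRepository.ldap[0].ldapUrl=ldaps://ldap.example.org
cas.authn.attributeRepository.ldap[0].baseDn=ou=people,dc=example,dc=org
# Search filter as quoted in the thread for certificate logins.
cas.authn.attributeRepository.ldap[0].searchFilter=certsn={user}

# Before: no attributes.* entries at all. The directory then returns its
# user attributes, but operational attributes are only returned by an LDAP
# server when a search asks for them by name, so role data is missing.

# After: name each attribute explicitly (LDAP attribute = released name).
# uid is an assumed example of an ordinary attribute the services rely on;
# list those here as well as the operational ones.
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.nsRole=nsRole
cas.authn.attributeRepository.ldap[0].attributes.nsRoleDN=nsRoleDN
```

Because role attributes usually feed authorization decisions downstream, check after the change that a certificate login and a username/password login for the same account release the same role values.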