Skip to end of metadata
Go to start of metadata
Table of Contents

New CAS documentation site

CAS documentation has moved over to, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

Use DirectMappingAuthenticationManagerImpl to transform a credential as a function of authentication handler.  In order for this component to be used effectively, the different handlers MUST use different credential types.  An example may illustrate the use case more clearly.  Let's make the following assumptions:

  • There are two authentication stores for authenticating users, LDAP and X.509 certificates.
  • A FastBindLdapAuthenticationHandler named ldapHandler authenticates users to the LDAP directory, and a X509CredentialsAuthenticationHandler named certHandler authenticates X.509 certificates.
  • The credentials used to authenticate against the LDAP directory need to be transformed to a principal in a different manner from that of certificates.
  • A CredentialToPrincipalResolver component exists for transforming LDAP credentials named ldapResolver and another for X.509 certificates named certResolver.

The following configuration may be used to authenticate users and resolve principals according to the use case above.

Sample DirectMappingAuthenticationManagerImpl Configuration
<bean id="authenticationManager" class="org.jasig.cas.authentication.DirectMappingAuthenticationManagerImpl">
  <property name="credentialsMapping">
      <entry key="org.jasig.cas.authentication.principal.UsernamePasswordCredentials">
        <bean class="org.jasig.cas.authentication.DirectMappingAuthenticationManagerImpl.DirectAuthenticationHandlerMappingHolder"
          p:credentialsToPrincipalResolver-ref="ldapResolver" />
      <entry key="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials">
        <bean class="org.jasig.cas.authentication.DirectMappingAuthenticationManagerImpl.DirectAuthenticationHandlerMappingHolder"
          p:credentialsToPrincipalResolver-ref="certResolver" />
  • No labels