I'm configuring Apereo CAS 7 to authenticate users via CAC (X.509) and LDAP. The expected flow is for CAS to extract the EDIPI from the certificate and use it to authenticate against LDAP. However, while I can see that CAS successfully performs an LDAP search using the EDIPI, the authentication result doesn’t seem to be affected when the EDIPI doesn’t match any LDAP entries—CAS still proceeds with authentication instead of failing.
My setup includes OpenLDAP running in a Docker container on port 389, CAS 7 deployed on Tomcat 11, and JSON service definitions for a clustered setup. Is there a specific CAS configuration required to enforce a strict EDIPI match for authentication?