External Authentication Service and LP5

Wed, 03/11/2015 - 15:42



We're in the process of upgrading to LP5 and one of the questions that needs answering is how some current user accounts will be able to access without having to authenticate through CAS. Mostly, these are for testing purposes (so that various offices can log in to see what a certain population is seeing - these accounts only exist in Luminis). With LP4 we use External Authentication Service for these special accounts; however, I have not been successful in finding any documentation about this possibility in LP5.

Any information would be most appreciated.

Thank you in advance.


It sounds like you might be able to configure CAS for fallthrough authentication, where CAS looks at your EAS and then the Luminis 5 LDAP. You're correct that all users accessing the portal will have to authenticate through CAS, but CAS can look at multiple directories when validating credentials and resolving the account information (principal and attributes).


CAS can be configured for multiple authentication providers to be tried in sequence. We backed away from that because we did not know how to differentiate between user ID not valid and password not valid. We did not want a valid user ID with password mismatch on an Active Directory credential check to fall through to Luminis LDAP - only invalid user IDs. I think now we could have managed that via the principal resolver event. I'm sure there is much more CAS expertise in this community than I have, though.
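
The fallthrough rule described in the last reply, as an added example that is not part of the thread and is not CAS configuration: a chain that moves on to the next directory only when the user ID is unknown, and stops on a password mismatch. The names `Outcome`, `DirectoryHandler` and `authenticate_chain` are hypothetical, and the accounts are constructed sample data.

```python
# Added illustration of the chained-authentication policy from the thread.
# Outcome, DirectoryHandler and authenticate_chain are hypothetical names,
# not CAS or Luminis APIs; all account data below is constructed.
import hashlib
import hmac
from enum import Enum


class Outcome(Enum):
    SUCCESS = "success"
    UNKNOWN_USER = "unknown_user"    # ID not present in this directory
    BAD_PASSWORD = "bad_password"    # ID present, credential mismatch


class DirectoryHandler:
    def __init__(self, name, accounts):
        self.name = name
        # Digests only, to keep the model short; a real directory would
        # use a salted, slow password hash.
        self._accounts = {u: self._digest(p) for u, p in accounts.items()}

    @staticmethod
    def _digest(password):
        return hashlib.sha256(password.encode()).digest()

    def check(self, user, password):
        stored = self._accounts.get(user)
        if stored is None:
            return Outcome.UNKNOWN_USER
        ok = hmac.compare_digest(stored, self._digest(password))
        return Outcome.SUCCESS if ok else Outcome.BAD_PASSWORD


def authenticate_chain(handlers, user, password):
    """Return (outcome, handler_name). Only UNKNOWN_USER falls through."""
    for handler in handlers:
        outcome = handler.check(user, password)
        if outcome is not Outcome.UNKNOWN_USER:
            # SUCCESS or BAD_PASSWORD: this directory owns the ID, so stop.
            return outcome, handler.name
    return Outcome.UNKNOWN_USER, None


# Constructed data: "jdoe" exists in both directories with different passwords;
# "test_student" exists only in the second one.
PRIMARY = DirectoryHandler("active-directory", {"jdoe": "Corp-Pass-1"})
FALLBACK = DirectoryHandler(
    "luminis-ldap", {"jdoe": "old-portal-pw", "test_student": "Test-Pass-9"})
CHAIN = [PRIMARY, FALLBACK]
```

With this ordering, `jdoe` presenting the second directory's password is rejected by the first handler and never reaches the second, while the portal-only `test_student` account still authenticates.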