I would like to configure Pentaho BI Server to authenticate users solely based on their X.509 cert. I'm having a really hard time feeling my way around the Pentaho development environment though. Generally speaking there's four basic tasks I need to accomplish.

1. Configure Tomcat to require a client certificate. DONE.
2. Examine the cert at session start and pull the dn.
3. Provision a new user (if the dn does not map to an existing user).
4. Login the user who maps to the dn.

So far I've downloaded the Design Studio 4.0 and tinkered with that some. From examining the Admin UI I can use "pacsvc" to provision a user, and an article at http://wiki.pentaho.com/display/Serv...nt+Certificate looked promising but seems to skip step 3, even if I could get it working in BI Server 3.10.

If someone could provide some pointers for accomplishing the steps above I'd really appreciate it.