> retrieving his name as attribute and the client could decide by a
> requestfilter if the user could access the application

I want to emphasize that you can do these sorts of things without _any_ customization to CAS whatever. We do this and it works beautifully. You can pass _arbitrary_ attributes to applications and let them decide how to authorize users. You simply configure the clients to validate tickets at /samlValidate, and on success the app gets a response similar to that mentioned in http://www.ja-sig.org/wiki/display/CASUM/SAML+1.1. You configure the attributes in that response using the instructions on the page I mentioned previously. Then the request filter, in your hypothetical scenario, makes a decision based on that data: allow or deny access.

M
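
Added example, not part of the original message and not CAS or CAS client code: a sketch of the decision the request filter makes once the /samlValidate response is in hand. The sample response is constructed and trimmed, and the attribute names (`affiliation`, `mail`), the user `jdoe` and the function names are assumptions; the response text is assumed to have been fetched by the application itself from the CAS server over verified TLS.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:1.0:protocol",
      "a": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample response (trimmed; user and attribute names are made up).
SAMPLE = """
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
            xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
   <Status><StatusCode Value="samlp:Success"/></Status>
   <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
    <AttributeStatement>
     <Subject><NameIdentifier>jdoe</NameIdentifier></Subject>
     <Attribute AttributeName="affiliation">
      <AttributeValue>staff</AttributeValue>
      <AttributeValue>faculty</AttributeValue>
     </Attribute>
     <Attribute AttributeName="mail">
      <AttributeValue>jdoe@example.org</AttributeValue>
     </Attribute>
    </AttributeStatement>
   </Assertion>
  </Response>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def parse_attributes(xml_text):
    """Return (user, {name: [values]}), or None unless validation succeeded."""
    root = ET.fromstring(xml_text)
    status = root.find(".//p:Status/p:StatusCode", NS)
    if status is None or status.get("Value", "").split(":")[-1] != "Success":
        return None                      # fail closed on any non-success status
    stmt = root.find(".//a:Assertion/a:AttributeStatement", NS)
    user = stmt.find("a:Subject/a:NameIdentifier", NS) if stmt is not None else None
    if user is None or not (user.text or "").strip():
        return None                      # no subject, nothing to authorize
    attrs = {}
    for attr in stmt.findall("a:Attribute", NS):   # attributes may be multi-valued
        values = [v.text.strip() for v in attr.findall("a:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return user.text.strip(), attrs

def is_authorized(xml_text, attribute, allowed):
    """The request filter's decision: allow only if a value is in `allowed`."""
    parsed = parse_attributes(xml_text)
    return parsed is not None and any(v in allowed for v in parsed[1].get(attribute, []))
```

A missing attribute, a missing subject, or a non-success status all result in a deny, so a misconfigured attribute release on the server does not silently grant access.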