I know we have implemented our own custom "logon as" with CAS client, but would rather it be a part of the supported CAS client/server.

Chris Whittle
SWAT Team Developer
J.B. Hunt Transport Services, Inc.
[email protected]

Alan Leung <[email protected]>
05/21/2010 01:16 PM
Please respond to [email protected]

To: [email protected]
cc: webunit-cas <[email protected]>
Subject: [cas-dev] "Login as" ("sudo") for CAS Server?

Hello CAS Community,

We'd like to have some discussion about introducing "login as" ("sudo") functionality to the CAS Server.

In our environment, HelpDesk currently uses the "backdoor" login as functionality built into Moodle to assume another user's identity to see what that Moodle user sees, in order to trouble-shoot Moodle issues. HelpDesk has been requesting similar "login as" functionality to trouble-shoot issues within uPortal and other CAS-protected services.

While one could attempt to implement this functionality within, e.g., a uPortal installation, use of Proxy CAS complicates things and it would seem to make sense to centralize the "login as" functionality in the CAS Server so that all CAS services in our environment can gain this functionality.

Security, of course, is a chief concern and strict controls and auditing around this "login as" access need to be in place.

We have been working on updating our CAS Server to implement this functionality. Our changes attempt to adhere to the design of the CAS Server, e.g. by introducing a LoginAsAuthorizationHandler interface that could have various implementations. In our environment, the implementation would talk to our LDAP server to confirm whether the current user's authentication has the authority (configurable LDAP group membership) to assume the identity of the requested user.

If there is interest, we would like to work with the CAS community to have this functionality accepted upstream. We can send a draft patch with our proposed implementation in a subsequent email.

Does the CAS community have interest in adding this "login as" functionality to the CAS Server?

Thank you,

--
Alan Leung
Athabasca University
http://www.athabascau.ca/
e: [email protected]

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
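
The authorization check described in Alan Leung's message (confirm the authenticated user's group membership before allowing "login as", and audit the request), as an added example that is not part of the original thread or of the CAS code base. Only the name LoginAsAuthorizationHandler comes from the message; the method signature, the in-memory map standing in for the LDAP lookup, and the group and user names are assumptions.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Interface name from the proposal; this method signature is hypothetical.
interface LoginAsAuthorizationHandler {
    boolean mayLoginAs(String authenticatedUser, String targetUser);
}

// Group-membership implementation. The map (group -> members) is a
// constructed stand-in for the LDAP query the message describes.
final class GroupLoginAsHandler implements LoginAsAuthorizationHandler {
    private final Map<String, Set<String>> directory;
    private final String requiredGroup; // configurable, as in the proposal
    private final List<String> audit = new ArrayList<>();

    GroupLoginAsHandler(Map<String, Set<String>> directory, String requiredGroup) {
        this.directory = directory;
        this.requiredGroup = requiredGroup;
    }

    @Override
    public boolean mayLoginAs(String authenticatedUser, String targetUser) {
        // Fail closed: a missing identity or an unknown group means "deny".
        boolean allowed = authenticatedUser != null && !authenticatedUser.isBlank()
                && targetUser != null && !targetUser.isBlank()
                && directory.getOrDefault(requiredGroup, Set.of()).contains(authenticatedUser);
        // Record grants and denials, always with both identities, so the
        // real actor behind an assumed identity stays traceable.
        audit.add(String.format("%s login-as actor=%s target=%s result=%s",
                Instant.now(), authenticatedUser, targetUser, allowed ? "GRANTED" : "DENIED"));
        return allowed;
    }

    List<String> auditTrail() { return List.copyOf(audit); }
}

public class LoginAsDemo {
    public static void main(String[] args) {
        // Constructed sample data: one help-desk account in the privileged group.
        Map<String, Set<String>> ldap = Map.of("cn=loginas-helpdesk", Set.of("hd_alice"));
        GroupLoginAsHandler handler = new GroupLoginAsHandler(ldap, "cn=loginas-helpdesk");
        System.out.println(handler.mayLoginAs("hd_alice", "student42"));
        System.out.println(handler.mayLoginAs("student42", "hd_alice"));
        System.out.println(handler.mayLoginAs("hd_alice", ""));
        handler.auditTrail().forEach(System.out::println);
    }
}
```

Writing the audit entry inside the handler rather than at the call site means a denied attempt leaves the same trace as a granted one.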
