Eric,

Am I correct in understanding that you are unable to authorize individual users to be able to use your document storage system? Because if you *can* grant access to individual's accounts, it would seem that you want to use proxy-CAS.

If there is some reason you can only access document storage system with a single account, it makes me wonder why the application is CASified in the first place.

Thanks,
Carl Waldbieser
ITS Accounts
Lafayette College

----- Original Message -----
From: "Eric Lauffenburger" <elauf...@pepperdine.edu>
To: cas-dev@lists.jasig.org
Sent: Wednesday, May 14, 2014 11:26:06 AM
Subject: Re:[cas-dev] CAS Impersonation

I think the main reason that we would want to do this is so that a call could be made on the backend without needing to actually redirect the user -- an example of this would be:

- User logs into web application
- Web application contacts webservice
- Webservice contacts 3rd-party CASified webservice with generic credentials
- 3rd-party webservice returns information to webservice
- Webservice returns it to webapp
- User sees information and smiles (this is very good information)

The whole issue exists because we would like to contact our document storage software's API, but can't do it from the serverside without first getting through CAS.

While I definitely agree that Shiro is a great choice for authorization, what we're saying is that EVERY call be made to this software as something like "Document_Storage_API_User" (as an AD user) and passed through CAS (which is hooked into AD).

--
You are currently subscribed to cas-dev@lists.jasig.org as: waldb...@lafayette.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
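
Added example, not part of the thread and not code from the CAS project: with the proxy-CAS approach suggested in the reply, the back-end API validates a proxy ticket and learns both the individual user and the chain of services acting for them, rather than seeing one generic account. The Python below parses a CAS 2.0 `/proxyValidate` response body and accepts the call only when every proxy in the chain is on an allowlist; the host names, the allowlist, the function name and the sample XML are constructed assumptions.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Assumption: proxy callback URLs of the services allowed to call the API.
TRUSTED_PROXIES = {"https://webservice.example.edu/cas/pgtCallback"}

# Constructed sample bodies in the CAS 2.0 /proxyValidate format.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:proxies>
      <cas:proxy>https://webservice.example.edu/cas/pgtCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def authorize_proxied_call(xml_body, trusted=TRUSTED_PROXIES):
    """Return the end user's id when the ticket validated and the whole
    proxy chain is trusted; return None otherwise (fail closed)."""
    try:
        root = ET.fromstring(xml_body)
    except ET.ParseError:
        return None
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None  # authenticationFailure or unexpected document
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    chain = [p.text.strip()
             for p in success.findall("cas:proxies/cas:proxy", CAS_NS)
             if p.text]
    if not user or not chain:
        return None  # no user, or not a proxied call at all
    if any(proxy not in trusted for proxy in chain):
        return None  # some service in the chain is not allowlisted
    return user  # the individual user, usable for per-user authorization


if __name__ == "__main__":
    print(authorize_proxied_call(SAMPLE_OK))
    print(authorize_proxied_call(SAMPLE_FAIL))
```
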