The next CAS release will have a few authz features built-in: http://jasig.github.io/cas/development/installation/Service-Management.htm l#configure-service-access-strategy
Or you could always use something like this: https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorizatio n -----Original Message----- From: Joshua Vecsei [mailto:j.vec...@gmx.de] Sent: Sunday, April 26, 2015 4:09 AM To: cas-dev@lists.jasig.org Subject: Re: [cas-dev] CAS Authorization vs Shibboleth Authorization Hello, thank you! I will try this today. I think it is still a bit strange, that Shibboleth can say they support authorization ( http://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29 ) and CAS does not. Even if they to the same thing -> just supporthing the service providers for making their own decissions about authorization based on the returned attributes ( roles/permissions ). Am 25.04.2015 um 16:32 schrieb Zico: > Joshua, > > You may try Gluu Server SSO system. It's open source and shibboleth, > CAS, OpenID Connect are also included there. They have community > edition rpm/deb, which you can try to install in your own VM. > http://www.gluu.org/docs/articles/gluu-server-ce/ > > On Sat, Apr 25, 2015 at 6:56 AM, Joshua Vecsei <j.vec...@gmx.de > <mailto:j.vec...@gmx.de>> wrote: > > Hello, > > I am working on a document to compare different Single Sign-On systems. > At the moment I am trying to find out what the pros and cons about > the CAS Authorization is, which means just sending additional > attributes, like permissions, to the service provider after logging > in, and shibboleths way to request the permissions after logging in. > As far as i understood shibboleth just does the same thing, just > sending attributes to the service provider as the SP requests them. > > Why is this 'better' than using the CAS additional attributes to > authorize people, also regarding security issues? I am a little bit > confused about the correct definition of a SSO system that provides > authorization. > > Thanks in advance. > > Regards > Joshua > > > > > -- > You are currently subscribed to cas-dev@lists.jasig.org > <mailto:cas-dev@lists.jasig.org> as: mailz...@gmail.com > <mailto:mailz...@gmail.com> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > -- > Best, > Zico > > -- > You are currently subscribed to cas-dev@lists.jasig.org > <mailto:cas-dev@lists.jasig.org> as: j.vec...@gmx.de To unsubscribe, > change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to cas-dev@lists.jasig.org as: mmoay...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
