It depends on what you are after. You can do authentication checks for the whole service using the service access strategy: https://apereo.github.io/cas/6.1.x/services/Configuring-Service-Access-Strategy.html
You can also do attribute release in a lot of the authentication protocols that CAS uses. You release whatever attributes you feel like you need to, and then the application has them available for authorization. CAS could pull the list of groups an account is a member of through LDAP/AD and return that to the application. They application could then do authorization checks based on that information. You can also return something like a list of entitlements. Where and how you store those is up to you. Pulling it from the same system they authenticated against makes it easy to setup and get running. You could resolve all of the groups out of Grouper if you wanted. In higher education there are a lot that are using Grouper for some of the problems. Internet2 is helping to move along the Grouper, Shibboleth, COManage, and midPoint combination. You can pretty easily swap CAS for Shibboleth, or run both. https://www.incommon.org/trusted-access/ On 11/20/19 6:00 AM, Ramakrishna G wrote: Hi everyone, A few questions for those of you who are using IAM plus SSO. 1. Does CAS support both authentication as well as authorization? * If Yes, Can you please elaborate with documentation. * If No, Any workaround can be done on CAS to support authorization? 2. Which Database to use? I figured out LDAP supports authorizations but is there some other db suggestions. 3. I am also curious to know the industry standard product for IAM & SSO? If possible, please share the technical stack used for the same. We'd like to know what other folks' are using for IAM & SSO, so that maybe we can make a better choice. Thanks, -Ram -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7edaca52-e82f-42ec-9b37-6cb5ce4346f9%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/7edaca52-e82f-42ec-9b37-6cb5ce4346f9%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1b5f6728-3dcb-2bbb-9068-6a86843f7e3a%40ndsu.edu.
