You can also filter (sort of pseudo-authorization) directly in CAS based on user attributes (using the service access strategy).
On Wed, Nov 20, 2019 at 11:01 AM Richard Frovarp <[email protected]> wrote:

> It depends on what you are after. You can do authentication checks for the
> whole service using the service access strategy:
>
> https://apereo.github.io/cas/6.1.x/services/Configuring-Service-Access-Strategy.html
>
> You can also do attribute release in a lot of the authentication protocols
> that CAS uses. You release whatever attributes you feel like you need to,
> and then the application has them available for authorization. CAS could
> pull the list of groups an account is a member of through LDAP/AD and
> return that to the application. The application could then do
> authorization checks based on that information. You can also return
> something like a list of entitlements. Where and how you store those is up
> to you. Pulling it from the same system they authenticated against makes it
> easy to set up and get running. You could resolve all of the groups out of
> Grouper if you wanted.
>
> In higher education there are a lot that are using Grouper for some of the
> problems. Internet2 is helping to move along the Grouper, Shibboleth,
> COManage, and midPoint combination. You can pretty easily swap CAS for
> Shibboleth, or run both. https://www.incommon.org/trusted-access/
>
> On 11/20/19 6:00 AM, Ramakrishna G wrote:
>
> > Hi everyone,
> >
> > A few questions for those of you who are using IAM plus SSO.
> >
> > 1. Does CAS support both authentication as well as authorization?
> >    1. If Yes, can you please elaborate with documentation.
> >    2. If No, can any workaround be done on CAS to support
> >       authorization?
> > 2. Which database to use? I figured out LDAP supports authorizations
> >    but are there some other db suggestions?
> > 3. I am also curious to know the industry standard product for IAM &
> >    SSO. If possible, please share the technical stack used for the same.
> >
> > We'd like to know what other folks are using for IAM & SSO, so that maybe
> > we can make a better choice.
> >
> > Thanks,
> > -Ram
> >
> > --
> > - Website: https://apereo.github.io/cas
> > - Gitter Chatroom: https://gitter.im/apereo/cas
> > - List Guidelines: https://goo.gl/1VRrw7
> > - Contributions: https://goo.gl/mh7qDG
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "CAS Community" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > To view this discussion on the web visit
> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/7edaca52-e82f-42ec-9b37-6cb5ce4346f9%40apereo.org

--
! roger
--
www.yerbynet.com
--
A computer without an Internet connection is a bit like a television without an antenna :)
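The attribute-release approach described in the thread, sketched as an added example (not code from the posters or from the CAS project): the application parses a CAS 3.0 service validation response and authorizes on a released group attribute. The attribute name `memberOf`, the group DNs and both sample responses are constructed assumptions; a real deployment fetches the response from its own CAS server over TLS.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample of a CAS 3.0 validation success response with released attributes.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:memberOf>cn=staff,ou=groups,dc=example,dc=org</cas:memberOf>
      <cas:memberOf>cn=app-admins,ou=groups,dc=example,dc=org</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample of a validation failure.
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_validation(xml_text):
    """Return (user, {attr: [values]}) on success, None on failure or bad XML."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    attrs = {}
    container = success.find("cas:attributes", CAS_NS)
    for el in (container if container is not None else []):
        name = el.tag.split("}", 1)[-1]  # drop the "{namespace}" prefix
        attrs.setdefault(name, []).append((el.text or "").strip())
    return (user, attrs) if user else None


def is_authorized(xml_text, required_group, attr="memberOf"):
    """Authentication comes from CAS; authorization is the app's own check.
    Fails closed, and matches the whole group DN (case-insensitively, an
    assumption about the directory) rather than a substring."""
    result = parse_validation(xml_text)
    if result is None:
        return False
    wanted = required_group.lower()
    return any(v.lower() == wanted for v in result[1].get(attr, []))
```
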
