Good day! I've looked around for ways to enable SSO for our web applications and CAS came out as an answer a lot, so I did some research and gave it a try. So far, I managed to get the server running and it generates de tickets using data for an 'access' database table. I have an issue with the redirects, but that's not the topic of this.
The doubts I have are about the UserDetailsService and UserDetails. Many of the tutorials and documentations I've read touch into this breefly. I also didn't think it was much necesary since using Spring Security formLogin is pretty much the same concept, but as I tried to 'map' my needs to this, things got confusing. As I understand, CAS will use this 'access' table to authenticatate, but that means that Spring will use it's own 'users' table to authorize. This kind of breaks my requirements, as the idea of enabling SSO was to have a single 'users/access' table, not one for every webapp as we have right now. The idea was to have the principal with important data (principal name, password as it's required to enter it for certain important transactions, autorithes for access and a few other pieces of information that will let us know if an user can access one webapplication or not), so having the 'users 'data to check for authorizations kind of make it seem like there will be duplicated data as the info in 'access' will need to match the UserDetails from 'users'... right? Is this the way it should be or am I just not getting something? To be fair, it would make my life easier to not change the 'users' tables of our webapps, but for some other stuff, like adding new users, will get more complex as i'd need to set up another datasource pointing to the database containing 'access' -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68d3761-8b10-450c-8c56-6b4a6d00ed55n%40apereo.org.
