I agree with Ray that most of the heavy lifting for that scenario would be
in the application.  However, what is going on is that there are different
levels of access based on the session context.
So if I am able to log in simply because of a long-lived session cookie, I
have access to some parts of my user data.  But to make changes or spend
money, I need to have additional authorization, often in the form of a more
recent authentication.

CAS can still be a component in that kind of authentication/access control
decision, but the enforcement of such a policy is *typically* within the
application.  For example, an application may allow you to view your data
with a simple authentication.  But in order to modify or access your stored
credit card information, you may be required to authenticate with some kind
of MFA.  CAS can provide attributes that can aid the application in
deciding whether or not this type of access should be granted.  But it is
*typically* the application's responsibility to enforce that kind of access
control.

Thanks,
Carl Waldbieser


On Tue, Feb 22, 2022 at 3:15 PM Ray Bon <r...@uvic.ca> wrote:

> Pablo,
>
> That kind of behaviour is in your application and has nothing to do with
> cas. If the application determines that a user needs to log in, then send
> them to cas.
>
> Ray
>
> On Tue, 2022-02-22 at 09:15 -0800, Pablo Vidaurri wrote:
>
> Hi, not sure exactly what this is called but I'm sure you have seen it on
> Amazon, Best Buy, etc. You have access to view browsing history, shopping
> cart, etc but when you actually click on order history, profile, etc you
> are prompted to log in.
>
> So some items are viewable but once you start to interact you get prompted
> to log in.
>
> How does a site do something like that? I'm assuming CAS doesn't offer
> anything like that, correct?
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional
> territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ
> peoples whose historical relationships with the land continue to this day.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4d0192fbf57df796bb01fc65893443b1064903ce.camel%40uvic.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/4d0192fbf57df796bb01fc65893443b1064903ce.camel%40uvic.ca?utm_medium=email&utm_source=footer>
> .
>
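
An added example (not part of the thread, and not Apereo CAS code) of the application-side enforcement described in the reply at the top: the application maps each action to a required login freshness and MFA level, then checks attributes it received from CAS at ticket validation. It assumes the CAS server releases `authenticationDate`, `longTermAuthenticationRequestTokenUsed` and `authnContextClass` to this service and that MFA context values start with `mfa-`; the action names, policy values and URLs are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

CAS_LOGIN = "https://cas.example.org/cas/login"  # placeholder CAS server URL

# Hypothetical policy: max age of the last interactive login, and whether MFA is required.
POLICY = {
    "view_cart":     {"max_age": None,                  "mfa": False},
    "order_history": {"max_age": timedelta(minutes=30), "mfa": False},
    "edit_card":     {"max_age": timedelta(minutes=5),  "mfa": True},
}

def decide(action, attrs, now):
    """Return 'allow', 'reauth', 'mfa' or 'deny' for the session's CAS attributes."""
    rule = POLICY.get(action)
    if rule is None:
        return "deny"  # unknown action: fail closed
    if rule["max_age"] is not None:
        # A remember-me (long-term) login never counts as a fresh authentication.
        if attrs.get("longTermAuthenticationRequestTokenUsed") == "true":
            return "reauth"
        try:
            age = now - datetime.fromisoformat(attrs["authenticationDate"])
        except (KeyError, ValueError, TypeError):
            return "reauth"  # missing, malformed or timezone-less timestamp
        if age < timedelta(0) or age > rule["max_age"]:
            return "reauth"
    # Assumption: MFA is signalled by an authnContextClass value such as "mfa-duo".
    if rule["mfa"] and not str(attrs.get("authnContextClass", "")).startswith("mfa-"):
        return "mfa"
    return "allow"

def reauth_url(service_url):
    # renew=true asks CAS to ignore the existing SSO session and prompt for credentials.
    return CAS_LOGIN + "?" + urlencode({"service": service_url, "renew": "true"})

# Constructed sample attributes, shaped like a CAS validation response.
NOW = datetime(2022, 2, 22, 18, 0, tzinfo=timezone.utc)
REMEMBERED = {"authenticationDate": "2022-02-01T09:00:00+00:00",
              "longTermAuthenticationRequestTokenUsed": "true"}
FRESH = {"authenticationDate": "2022-02-22T17:58:00+00:00",
         "longTermAuthenticationRequestTokenUsed": "false"}

if __name__ == "__main__":
    for action in POLICY:
        print(action, decide(action, REMEMBERED, NOW), decide(action, FRESH, NOW))
    print(reauth_url("https://shop.example.org/orders"))
```

On a `reauth` result the application redirects to `reauth_url(...)`; how an `mfa` result triggers a second factor depends on how the CAS deployment is configured.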
