> I want to separate the sso between these servers. A user logged in on > ServerA, can't login on ServerB and vice-versa, the user from ServerA is > allowed to access only the ServerA and it subservices.
I will assume services A and B are Java applications and you're using the latest Jasig Java CAS client, 3.1.6. If you just want to force reauthentication between services A and B, you could set the renew flag on both the AuthenticationFilter and Cas20ProxyReceivingTicketValidationFilter filters in the web.xml for both services. See http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml for more information. If the subservices are truly subservices (different host/container/application), you'd probably need to set them up for CAS proxy authentication to enable SSO for the subservices, but not the subservices of another service. You should not have to modify the CAS server or clients to achieve a workable solution in any case. Regards, M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
