Hi all,

Mavin said: "I will assume services A and B are Java applications and you're
using
the latest Jasig Java CAS client, 3.1.6. "

They are php applications and I'm using the last version of CAS Server.

So... Could I configure CAS Server to know the services which is allowed and
not allowed?

Create a mapping of the services that he has to authenticate?

For example:
Group A
- www.serverA.com
- www.subServiceAA.com
- www.subServiceAB.com


Group B
- www.serverB.com
- www.subServiceBA.com
- www.subServiceBB.com

In other words, just allow these two groups. And if I logged in on Group A,
I don't allowed user sso to log in on Group B.

Thanks in advance,

Murilo

On Mon, Jun 1, 2009 at 8:58 AM, Murilo Foltran <[email protected]>wrote:

> Thanks Marvin,
>
> I'm trying to configure my files. I let you know when I have this solution
> working.
>
>
> Cheers,
>
> Murilo
>
>
> On Fri, May 29, 2009 at 12:26 PM, Marvin Addison <[email protected]
> > wrote:
>
>> > I want to separate the sso between these servers. A user logged in on
>> > ServerA, can't login on ServerB and vice-versa, the user from ServerA is
>> > allowed to access only the ServerA and it subservices.
>>
>> I will assume services A and B are Java applications and you're using
>> the latest Jasig Java CAS client, 3.1.6.  If you just want to force
>> reauthentication between services A and B, you could set the renew
>> flag on both the AuthenticationFilter and
>> Cas20ProxyReceivingTicketValidationFilter filters in the web.xml for
>> both services.  See
>>
>> http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
>> for more information.
>>
>> If the subservices are truly subservices (different
>> host/container/application), you'd probably need to set them up for
>> CAS proxy authentication to enable SSO for the subservices, but not
>> the subservices of another service.
>>
>> You should not have to modify the CAS server or clients to achieve a
>> workable solution in any case.
>>
>> Regards,
>> M
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to