> 1) is it possible to use ldap groups in cas as a way for limiting/allowing user access?
It sounds like you are describing a centralized authorization system, for which CAS has no direct support. The CAS authorization model is decentralized where services are responsible for making their own authorization decisions. CAS can facilitate authorization by providing data via the SAML attribute release feature, http://www.ja-sig.org/wiki/display/CASUM/Attributes.

It's straightforward to send group membership data from your LDAP via attribute release and let your CAS-enabled services make authorization decisions. We do this and it works splendidly.

> 2) is it possible to define user exclusion lists?

Again, this is a concern for each CAS-enabled service.

M
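The service-side decision described in this reply, as an added example that is not part of the original message or of CAS itself: a CAS-enabled service reads the released group attribute from an already-fetched SAML 1.1 validation response and applies its own group allow-list and user exclusion list, denying by default. The attribute name `memberOf`, the group DN, the excluded user and the sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
GROUP_ATTR = "memberOf"  # assumption: name under which CAS releases LDAP groups
ALLOWED_GROUPS = {"cn=wiki-editors,ou=groups,dc=example,dc=org"}  # constructed
EXCLUDED_USERS = {"mallory"}  # constructed per-service exclusion list

# Constructed sample of a CAS SAML 1.1 validation response body.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:AttributeStatement>
      <saml:Subject><saml:NameIdentifier>{user}</saml:NameIdentifier></saml:Subject>
      <saml:Attribute AttributeName="memberOf" AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml:AttributeValue>{group}</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def parse_validation(xml_text):
    """Return (user, groups) for a successful response, else (None, set())."""
    root = ET.fromstring(xml_text)
    code = root.find(".//samlp:StatusCode", NS)
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        return None, set()
    name = root.find(".//saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        return None, set()
    groups = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("AttributeName") == GROUP_ATTR:
            for value in attr.iterfind("saml:AttributeValue", NS):
                groups.add((value.text or "").strip().lower())  # DNs compared case-insensitively
    return name.text.strip(), groups

def is_authorized(xml_text):
    """Deny by default: malformed, failed, excluded, or not in an allowed group."""
    try:
        user, groups = parse_validation(xml_text)
    except ET.ParseError:
        return False
    if user is None or user.lower() in EXCLUDED_USERS:
        return False
    return bool(groups & ALLOWED_GROUPS)
```

The exclusion check runs before the group check, so an excluded user stays denied even when LDAP still lists them in an allowed group.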
