> I was wondering if anyone has had any success sending ldap groups as
> authorities through cas.

I believe you mean authority in the sense of authorization data. CAS has no direct support for user authorization services of any kind. As you noted, however, you can make CAS release attributes that can be consumed as a source of authorization data on the client. Many CAS client applications have support for treating arbitrary attributes as role data; the Spring Security CAS client does this nicely, http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html.

> I have setup cas to authenticate and send selected ldap attributes to a test
> application via the Cas20 protocol.

I hope you will reconsider using the CAS protocol for this. CAS has support for releasing attributes via SAML 1.1 protocol, https://wiki.jasig.org/display/CASUM/SAML+1.1, and many of the clients have been designed to consume SAML data for integration with authorization frameworks. In fact, all the clients that support authorization (Java, phpCAS, .NET, mod_auth_cas) that I'm aware of use SAML.

M
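As an added illustration that is not part of the original message or of any CAS client: a minimal sketch of how a client could turn a group attribute released in a SAML 1.1 validation response into role data. The attribute name `memberOf`, the group names, the `ROLE_` prefix, the allowlist and the trimmed sample response are all assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample: trimmed SAML 1.1 response body (SOAP envelope and most attributes omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:00:30Z"/>
    <saml:AttributeStatement>
      <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
      <saml:Attribute AttributeName="memberOf" AttributeNamespace="urn:example:constructed">
        <saml:AttributeValue>cn=admins,ou=groups,dc=example,dc=org</saml:AttributeValue>
        <saml:AttributeValue>cn=staff,ou=groups,dc=example,dc=org</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # Assumes second-precision UTC timestamps, as in the constructed sample.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorities_from_saml(xml_text, now, group_attr="memberOf", allowed=("admins", "staff")):
    """Return (user, roles); raise ValueError unless the response is a valid success."""
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("validation did not succeed")
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion missing or outside its validity window")
    user = assertion.findtext(
        "saml:AttributeStatement/saml:Subject/saml:NameIdentifier", namespaces=NS)
    roles = set()
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("AttributeName") != group_attr:
            continue  # other released attributes are not treated as role data
        for val in attr.iterfind("saml:AttributeValue", NS):
            # Naive first-RDN split; DNs with escaped commas need a real DN parser.
            rdn = (val.text or "").split(",")[0].strip()
            if rdn.lower().startswith("cn=") and rdn[3:] in allowed:
                roles.add("ROLE_" + rdn[3:].upper())  # default-deny: allowlisted groups only
    return user, sorted(roles)
```

The allowlist keeps an unexpected LDAP group from silently becoming an application role; anything not named in `allowed` is ignored.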
