Hi! I don't have exactly what you need, but perhaps this provides some ideas.

I have modified CAS so that each service has an additional attribute - a service permission name. For Confluence, the permission name is "wiki". Now, each user that has permission to access Confluence must have a corresponding attribute called "wiki" with a value of "True". This is checked by modified CAS code, which is not too complicated. The code will throw an exception if the user has no permission to use the service (Confluence in this case), and the modified workflow will present an error screen to the user. So, in essence, it is CAS that handles the permissions in my case.

Actually, the users are not authenticated by LDAP; I use a database instead, with separate columns for each possible permission. In the case of LDAP, I would think that coming up with some similar checks isn't too hard either. For example, a group name that needs to match the permission name.

Hope this helps a bit,
Andrus

--
View this message in context: http://jasig.275507.n4.nabble.com/Anyone-using-SAMLvalidate-or-CAS-Active-Directory-with-Confluence-tp3049334p3050492.html
Sent from the CAS Users mailing list archive at Nabble.com.
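The per-service permission check described in the post above, sketched as an added example; this is not the poster's code and does not use CAS's own API. The class, method and exception names, the service URL and the sample users and group DNs are hypothetical or constructed; only the "wiki" permission name and the "True" value come from the post.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
public class ServicePermissionCheck {
    /** Hypothetical exception type; the post only says the modified CAS code throws one. */
    static class AccessDenied extends RuntimeException {
        AccessDenied(String user, String service) { super(user + " is not permitted to use " + service); }
    }

    // Constructed registry: service id -> permission name ("wiki" for Confluence, as in the post).
    static final Map<String, String> PERMISSION_BY_SERVICE = new HashMap<>();
    static { PERMISSION_BY_SERVICE.put("https://wiki.example.org/", "wiki"); }

    /** Database variant: the attribute (column) named after the permission must be "True". */
    static void checkAttribute(String service, String user, Map<String, String> attrs) {
        String perm = PERMISSION_BY_SERVICE.get(service);
        // Default deny: an unregistered service or a missing/other value never grants access.
        if (perm == null || !"True".equals(attrs.get(perm))) throw new AccessDenied(user, service);
    }

    /** LDAP variant (assumed design): some group's leaf CN must equal the permission name. */
    static void checkGroups(String service, String user, List<String> groupDns) {
        String perm = PERMISSION_BY_SERVICE.get(service);
        if (perm != null) {
            for (String dn : groupDns) {
                try {
                    LdapName name = new LdapName(dn);
                    if (name.isEmpty()) continue;
                    Rdn leaf = name.getRdn(name.size() - 1); // leftmost RDN, e.g. CN=wiki
                    // Compare the parsed CN, not a substring, so "wiki-archive" or OU=wiki do not match.
                    if ("cn".equalsIgnoreCase(leaf.getType())
                            && perm.equalsIgnoreCase(String.valueOf(leaf.getValue()))) return;
                } catch (InvalidNameException e) { /* a malformed DN grants nothing */ }
            }
        }
        throw new AccessDenied(user, service);
    }

    public static void main(String[] args) {
        String wiki = "https://wiki.example.org/";
        checkAttribute(wiki, "alice", Collections.singletonMap("wiki", "True")); // allowed
        checkGroups(wiki, "bob", Arrays.asList("CN=wiki,OU=Groups,DC=example,DC=org")); // allowed
        try {
            checkGroups(wiki, "carol", Arrays.asList("CN=wiki-archive,OU=wiki,DC=example,DC=org"));
        } catch (AccessDenied e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Both variants deny by default, so a service without a registered permission name is refused instead of being left open to every authenticated user.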
