Hello,

In our organization, we use CAS with AD (smartcard and login/password login, but not SPNEGO), and 2 different techniques to manage authorization through group membership:

- client application is CAS aware => SAML ticket validation can provide attributes: groups, given name, display name, which can be used to achieve authorization.
- client application is not CAS aware => mod_auth_cas is used for authentication, and mod_authnz_ldap is used for authorization based on group membership.

It works very well for us :-)

Rgds.

On 08/06/2011 15:37, Nicolaie wrote:
> Hello all,
>
> after a while struggling with SPNEGO / CAS and Confluence it works now really like a charm without any user-interaction.
>
> Now I would like to expand the scope to an Apache Server with mod_auth_cas by giving access to authorized users to some group subdirectories. The Groups can be retrieved from the Active Directory where the Kerberos Tickets are already taken from. I played with the AD Config from jasig-wiki but I do not really get the point.
>
> My Question is: If I already have a Ticket (I am /Authenticated/), how can I get the Groups of my UID (How do I check my *Authorisation*)?
>
> Thank you for your support.
>
> Cheers
> Nicolaie
>
> View this message in context: Group-based authorisation with mod_auth_cas and SPNEGO/LDAP/AD <http://jasig.275507.n4.nabble.com/Group-based-authorisation-with-mod-auth-cas-and-SPNEGO-LDAP-AD-tp3582515p3582515.html>
> Sent from the CAS Users mailing list archive <http://jasig.275507.n4.nabble.com/CAS-Users-f255676.html> at Nabble.com.
-- 
Philippe MARASSE
Service Informatique - Centre Hospitalier Henri Laborit
BP 587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
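
The second setup described in this thread (mod_auth_cas for authentication, mod_authnz_ldap for group-based authorization against AD), written out as an added Apache 2.4 configuration; it is not taken from either poster's server. All hostnames, DNs, file paths, the service account and the group name are placeholders.

```apache
# Added example (Apache 2.4 syntax). Every host, DN, path and group below is a placeholder.

# --- mod_auth_cas: authentication (server or virtual-host scope) ---
CASLoginURL        https://cas.example.org/cas/login
CASValidateURL     https://cas.example.org/cas/serviceValidate
# Ticket/cookie cache: must end with "/" and be writable only by the Apache user.
CASCookiePath      /var/cache/apache2/mod_auth_cas/
# CA used to verify the CAS server certificate during ticket validation.
CASCertificatePath /etc/ssl/certs/example-ca.pem

# --- mod_ldap: CA used to verify the domain controller certificate on LDAPS ---
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ca.pem

<Directory "/var/www/groups/finance">
    # Authentication is delegated to CAS; no password ever reaches Apache.
    AuthType CAS

    # mod_authnz_ldap is used for authorization only: it looks up the DN of the
    # CAS-authenticated user (REMOTE_USER) with this URL, then tests group membership.
    AuthLDAPURL "ldaps://dc1.example.org:636/DC=example,DC=org?sAMAccountName?sub?(objectClass=user)"

    # Read-only service account for the lookup. Keep this file unreadable to
    # other local users, since the password is stored in it.
    AuthLDAPBindDN       "CN=svc-apache,OU=Service Accounts,DC=example,DC=org"
    AuthLDAPBindPassword "REPLACE_ME"

    # AD groups have objectClass "group"; without this, nested groups are not followed.
    AuthLDAPSubGroupClass    group
    AuthLDAPMaxSubGroupDepth 2

    # Only members of this AD group (directly or via nesting) may enter.
    Require ldap-group CN=finance,OU=Groups,DC=example,DC=org
</Directory>
```

The lookup only succeeds if the user name CAS hands to Apache matches the attribute named in `AuthLDAPURL`. If CAS is configured to return the Kerberos principal with its realm (`user@REALM`), `sAMAccountName` will not match and every request is denied; the search attribute would then have to be one that holds that form of the name.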
