On 06/08/2011 10:00 AM, Philippe MARASSE wrote: > Hello, > > In our organization, we use CAS with AD (smartcard and login/password > login, but not SPNEGO), and 2 different techniques to manage > authorization through group membership : > - client application is CAS aware => SAML ticket validation can > provide attributes : groups, given name, display name, which can be used > to achieve authorization. > - client application is not CAS aware => mod_auth_cas is used for > authentication, and mod_authnz_ldap is used for authorization based on > group membership.
You can also use this patch to authorize based on the released SAML attributes: https://issues.jasig.org/browse/MAS-37 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
