Hi there, In early 2010, an authorization patch has been posted to the mod_auth_cas issue tracker at https://issues.jasig.org/browse/MAS-37 So far, this patch has not made it into the main sourcecode.
This patch has some limitations and I thought it worthwhile to post an alternative patch at https://issues.jasig.org/browse/MAS-60 The main difference between the two proposals is the implementation method (MAS-37: HTTP Request Headers vs. MAS-60:Apache Request Structure Note), the availability of a "CASAuthoritative" directive in MAS-60 and a slightely different configuration syntax: MAS-37: Require <attribute-name> <value> i.e. Require organization foo MAS-60: Require cas-attribute <attribute-name>:<value> [<attribute-name>:<value>] i.e. Require cas-attribute organization:foo The code in the MAS-60 patch is also bigger, but not necessarily slower. Mod_auth_cas lead developer Phil Ames has asked me to send note to this mailinglist and ask for feedback here as well. Best regards, Christian Folini, Swiss Post -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
