Hi. I am thinking of implementing CAS for a project and just want to confirm my thinking about a particular use case before proceeding.
My scenario is that I will have an app that connects users to their profile (an User Account App). They will be able to choose from a series of apps to subscribe. When then subscribe, a database is created for the user with an appropriate role (authorization). Each app currently requires a login (authentication) which I am trying to avoid. The way I am wanting this to work is that user would go to the Account App for sign in. CAS redirects for credentials and they get into their account. They click on Apps tab and select from list of CASified apps. Because they are already signed in. I am assuming they will be able to go straight to app, it will check their token and they should receive no prompts. A second question involves playing dictionaries or other brute force measures to attempt access to a user account. It is possible to integrate Google's reCaptcha, or YubiKey into the login or some other measure to prevent this type of issue. In any case, just looking for advice on these things. It would appear that CAS is an appropriate solution for this scenario. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
