> Authentication based not on username/password combination, but based on some > attributes.
I've lost some of the context of your discussion of parent/child CAS. If you want to model access to one domain from another as an authorization decision, which seems reasonable to me at face value, then the attribute release mechanism of CAS should work nicely. One of its primary design functions is to facilitate authorization. > I don't see "CredentialsToMySQLAttributePrincipalResolver" when I google. Doesn't exist, but C-To-P resolvers are fairly straightforward components to develop to suit your needs. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
