Hi Ben, One way is to implement RBAC for CAS protected services by controlling who can get STs for which services. Fordham is implementing this now with help from Unicon. We implemented this as a standard maven overlay extension to stock CAS 3.4.11. Id' be happy to go in to more details if there is interest.
By the way we implemented something similar for Shib IdPv2 last summer in partnership with the University of Wisconsin - Madison. http://events.internet2.edu/2011/fall-mm/agenda.cfm?go=session&id=10001976&event=1148 Best, Bill On Tue, Mar 13, 2012 at 11:38 AM, Ben Branch <[email protected]> wrote: > I have my CAS environment up and running. Serving only a few services at > the moment and none of them are in production yet. So, now my question is, > what is the easiest way to control access to the services? Since some > applications create a user name on the application end upon logging in, do > we want the application admin to control the access to these services? Or > is there another way to do this that allows us to exert greater control over > who uses the applications? > > > > Again, everyone’s help on here is greatly appreciated. > > > > Many thanks in advance, > > > > Ben Branch > Sun Administrator > > University of Central Oklahoma > > ITIL Foundation v3, Network+ > > 100 N. University Drive, Box 122 > > Edmond, OK 73034 > > D: 405.974.2649 | M: 405.550.6804 | [email protected] | www.uco.edu > > > > “If you wish to know your past, look at your present conditions. If you > wish to know your future, look at your present actions.” - Siddhartha > Gautama > > > > > **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, > and Green! Please print this e-mail only if absolutely necessary! > > **CONFIDENTIALITY** -This e-mail (including any attachments) may contain > confidential, proprietary and privileged information. Any unauthorized > disclosure or use of this information is prohibited. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
