Hi Bill, I'm interested in seeing how Unicon/Fordham is implementing RBAC -- if you have any docs or samples and were willing to share, it would be greatly appreciated!
Thanks, Dave On Tue, Mar 13, 2012 at 4:29 PM, William G. Thompson, Jr. <[email protected]> wrote: > Hi Ben, > > One way is to implement RBAC for CAS protected services by controlling > who can get STs for which services. > Fordham is implementing this now with help from Unicon. We > implemented this as a standard maven overlay extension to stock CAS > 3.4.11. Id' be happy to go in to more details if there is interest. > > By the way we implemented something similar for Shib IdPv2 last summer > in partnership with the University of Wisconsin - Madison. > http://events.internet2.edu/2011/fall-mm/agenda.cfm?go=session&id=10001976&event=1148 > > Best, > Bill > > > On Tue, Mar 13, 2012 at 11:38 AM, Ben Branch <[email protected]> wrote: >> I have my CAS environment up and running. Serving only a few services at >> the moment and none of them are in production yet. So, now my question is, >> what is the easiest way to control access to the services? Since some >> applications create a user name on the application end upon logging in, do >> we want the application admin to control the access to these services? Or >> is there another way to do this that allows us to exert greater control over >> who uses the applications? >> >> >> >> Again, everyone’s help on here is greatly appreciated. >> >> >> >> Many thanks in advance, >> >> >> >> Ben Branch >> Sun Administrator >> >> University of Central Oklahoma >> >> ITIL Foundation v3, Network+ >> >> 100 N. University Drive, Box 122 >> >> Edmond, OK 73034 >> >> D: 405.974.2649 | M: 405.550.6804 | [email protected] | www.uco.edu >> >> >> >> “If you wish to know your past, look at your present conditions. If you >> wish to know your future, look at your present actions.” - Siddhartha >> Gautama >> >> >> >> >> **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, >> and Green! Please print this e-mail only if absolutely necessary! >> >> **CONFIDENTIALITY** -This e-mail (including any attachments) may contain >> confidential, proprietary and privileged information. Any unauthorized >> disclosure or use of this information is prohibited. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
