On Wed, Oct 17, 2012 at 3:20 PM, Hadden, Rich <[email protected]> wrote:
> Good afternoon,
>
> I was wondering if there is any means by which (or possibly any future
> plans) to allow grouping or clustering of services for authentication or to
> provide different tiers of authentication without requiring multiple CAS
> instances. For example, I may want a user that signs into services a, b and
> c to be able to create proxy tickets for each other, but services d, e and
> f may have more sensitive data, but use the same credentials as a, b and c.
> Just because the user authenticates to application a, I don’t want him to be
> able to login to d, e or f without being challenged for authentication
> again.
> This is the model that I’m being tasked with implementing and don’t
> see any present support?

I recall hearing a presentation about a university augmenting the service manager to provide for centralized authorization. I don't recall the details, but it likely would not address your needs directly but it does highlight that it's possible to leverage the service manager as a platform for implementing features like this.

I would recommend you consider leveraging forced authentication (renew=true) for services d, e, and f. While it doesn't provide for centralized control of security policy, it would satisfy the requirement for reauthentication to reach the more secure services.

M
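
An added example, not part of the original message and not CAS project code: how a sensitive service such as "d" would use renew=true on both the login redirect and the ticket validation call, so that a ticket obtained through an existing single sign-on session is rejected. The host names, user name, ticket value and sample responses are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://cas.example.org/cas"         # assumed CAS server URL
SENSITIVE_SERVICE = "https://d.example.org/app"  # assumed URL of "service d"
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # CAS 2.0 response namespace


def login_url(service, renew=True):
    """Browser redirect; renew=true makes CAS bypass any existing SSO session."""
    params = {"service": service}
    if renew:
        params["renew"] = "true"
    return f"{CAS_BASE}/login?{urlencode(params)}"


def validate_url(service, ticket, renew=True):
    """Back-channel validation. renew=true here is the enforcing step: the
    login redirect passes through the browser and can be altered, so the
    service must also ask CAS to refuse tickets issued from an SSO session."""
    params = {"service": service, "ticket": ticket}
    if renew:
        params["renew"] = "true"
    return f"{CAS_BASE}/serviceValidate?{urlencode(params)}"


def parse_validation(xml_text):
    """Return the authenticated user name, or None when validation failed."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None


# Constructed sample responses: a ticket from a fresh credential prompt, and
# one from an SSO session validated with renew=true (CAS answers INVALID_TICKET).
FRESH_LOGIN = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SSO_TICKET = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not from initial login</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_url(SENSITIVE_SERVICE))
    print(validate_url(SENSITIVE_SERVICE, "ST-1-constructed"))
    print(parse_validation(FRESH_LOGIN), parse_validation(SSO_TICKET))
```

Services a, b and c would call the same helpers with renew=False and keep normal single sign-on behaviour.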
