> So our status pages require authentication (and have an additional > authorization layer that uses cas's saml attributes).
That's an unusual requirement for status endpoints consumed by enterprise monitoring tools. > I don't understand how the gateway feature would help in this case. Gateway provides a convenient way to access a resource behind CAS that does not require an authenticated context. Since your use doesn't meet that requirement, you're correct that it's of no use. Your only option is to leverage the RESTful API to get through CAS to your application. You'll then have to tackle the thorny issues of provisioning credentials to services and managing service credential lifecycles. In my experience, those issues are not worth the value of status pages that have strict user authorization requirements. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
