You might also choose to implement Fordham-style coarse grained access control at the CAS server layer, such that CAS is aware of whether a given user is in a given target application's acceptable user set and blocks attempts to login to applications the user is not permitted to access, preferably with a friendly error experience.
cf. presentation at the most recent Jasig-Sakai conference on this topic, recording available. On Mon, Feb 11, 2013 at 4:27 AM, jleleu <[email protected]> wrote: > Hi, > > You can have several applications participating in the SSO, with different > set of attributes of the authenticated user for each applications. > The user attributes returned to the web application by the CAS server > (during the service ticket validation) can be configured in the CAS server > back office : https://wiki.jasig.org/display/CASUM/Services+Management, > https://wiki.jasig.org/display/CASUM/Attributes. > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
