We let the clients using CAS handle authorization themselves, but we did extend CAS to pass along custom attributes using SAML 1.1. You may want to look into this, but any clients that want the additional attributes would need to use SAML to read the custom SAML namespace. We have had issues with clients only supporting SAML 2.0, so this is something to take into consideration as well.
-Adam

On Thu, Mar 14, 2013 at 10:39 AM, Lê, Hà Hong Viêt <[email protected]> wrote:

> Hello,
>
> We are currently trying to set up a CAS server in order to manage
> authentication for all our services.
>
> We are also debating CAS’s perimeter: some would like to add some
> information useful for authorization in the response after ticket
> validation.
>
> For example:
>
> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>   <cas:authenticationSuccess>
>     <cas:user>james.bond</cas:user>
>     <cas:attributes>
>       <cas:profile>super-user</cas:profile>
>       <cas:group>007</cas:group>
>     </cas:attributes>
>   </cas:authenticationSuccess>
> </cas:serviceResponse>
>
> In my opinion, CAS’s attributes are not meant to be used for
> authorization. I’ve read the protocol http://www.jasig.org/cas/protocol but I
> could find a quote saying if CAS should or should not be used for
> authorization.
>
> Just this one quote: « In the case where one is using CAS for
> authorization (probably a bad idea in the first place) ... », on this page
> http://www.jasig.org/cas/client-integration/gateway
>
> Could somebody from the community give us his feedback please? Thanks!
>
> Cheers,
>
> Hong Viet
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
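An added example, not part of the original messages: a client service that reads a validation response shaped like the one quoted in the thread and makes the authorization decision itself, treating the released attributes only as input to its own default-deny policy. The sample response is constructed, and `LOCAL_POLICY`, the permission names and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample, modelled on the response quoted in the thread.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>james.bond</cas:user>
    <cas:attributes>
      <cas:profile>super-user</cas:profile>
      <cas:group>007</cas:group>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Hypothetical policy owned by this service, not by the CAS server.
LOCAL_POLICY = {
    ("group", "007"): {"read_reports"},
    ("profile", "super-user"): {"read_reports", "edit_reports"},
}


def parse_validation_response(xml_text):
    """Return (user, attributes) on success, or None if not authenticated."""
    # A validation response has no reason to carry a DTD; refuse one outright.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in a CAS response")
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if not user:
        return None
    attrs = {}
    for el in success.findall("cas:attributes/*", CAS_NS):
        name = el.tag.split("}", 1)[-1]  # drop the namespace part of the tag
        attrs.setdefault(name, []).append((el.text or "").strip())
    return user, attrs


def permissions_for(attrs):
    """Map released attributes to local permissions; unknown values grant nothing."""
    granted = set()
    for name, values in attrs.items():
        for value in values:
            granted |= LOCAL_POLICY.get((name, value), set())
    return granted


def is_allowed(xml_text, permission):
    """Authenticated by CAS and permitted by this service's own policy."""
    parsed = parse_validation_response(xml_text)
    return parsed is not None and permission in permissions_for(parsed[1])
```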
