Thanks for the feedback! I'd also like to let the client handle authorization.
Using SAML is not mandatory in order to add custom attributes: it seems that the CAS client is able to parse the CAS 2.0 response with the function protected Map<String,Object> extractCustomAttributes(final String xml)
https://github.com/Jasig/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ServiceTicketValidator.java

@Curtis: I'll look into that implementation, thx!

HV

From: Adam P Causey [mailto:[email protected]]
Sent: Thursday, 14 March 2013 15:51
To: [email protected]
Subject: Re: [cas-user] CAS authentication and authorization ?

We let the clients using CAS handle authorization themselves, but we did extend CAS to pass along custom attributes using SAML 1.1. You may want to look into this, but any clients that want the additional attributes would need to use SAML to read the custom SAML namespace. We have had issues with clients only supporting SAML 2.0, so this is something to take into consideration as well.

-Adam

On Thu, Mar 14, 2013 at 10:39 AM, Lê, Hà Hong Viêt <[email protected]> wrote:

Hello,

We are currently trying to set up a CAS server in order to manage authentication for all our services. We are also debating CAS's perimeter: some would like to add some information useful for authorization in the response after ticket validation. For example:

    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
      <cas:authenticationSuccess>
        <cas:user>james.bond</cas:user>
        <cas:attributes>
          <cas:profile>super-user</cas:profile>
          <cas:group>007</cas:group>
        </cas:attributes>
      </cas:authenticationSuccess>
    </cas:serviceResponse>

In my opinion, CAS's attributes are not meant to be used for authorization. I've read the protocol http://www.jasig.org/cas/protocol but I could find a quote saying if CAS should or should not be used for authorization. Just this one quote: « In the case where one is using CAS for authorization (probably a bad idea in the first place) ... », on this page http://www.jasig.org/cas/client-integration/gateway

Could somebody from the community give us his feedback please?

Thanks!

Cheers,
Hong Viet

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
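
The approach discussed in this thread, as an added example that is not code from the thread or from java-cas-client: a client parses the CAS 2.0 validation response with a DTD-rejecting XML parser and makes its own authorization decision from the released attributes. The class, record and method names, the sample response, and the rule that the `super-user` profile grants administration are assumptions.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Added example; class, record and policy names are hypothetical (Java 16+).
public class CasAttributeAuthz {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    record Principal(String user, Map<String, List<String>> attributes) {}

    // Parses a CAS 2.0 validation response into the user and the released attributes.
    static Principal parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response is untrusted input: reject any DTD so entities cannot be declared.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList ok = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (ok.getLength() != 1) throw new SecurityException("ticket validation did not succeed");
        Element success = (Element) ok.item(0);
        // Descendant search: a second cas:user anywhere in the response fails closed.
        NodeList users = success.getElementsByTagNameNS(CAS_NS, "user");
        if (users.getLength() != 1) throw new SecurityException("expected exactly one cas:user");
        Map<String, List<String>> attrs = new LinkedHashMap<>();
        NodeList blocks = success.getElementsByTagNameNS(CAS_NS, "attributes");
        for (Node n = blocks.getLength() > 0 ? blocks.item(0).getFirstChild() : null;
                n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE || !CAS_NS.equals(n.getNamespaceURI())) continue;
            // An attribute may repeat (several groups), so keep every value.
            attrs.computeIfAbsent(n.getLocalName(), k -> new ArrayList<>()).add(n.getTextContent().trim());
        }
        return new Principal(users.item(0).getTextContent().trim(), attrs);
    }

    // Assumed local policy: the application, not CAS, decides what a profile may do.
    static boolean mayAdminister(Principal p) {
        return p.attributes().getOrDefault("profile", List.of()).contains("super-user");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, modelled on the response quoted in the thread.
        String xml = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationSuccess>"
            + "<cas:user>james.bond</cas:user><cas:attributes><cas:profile>super-user</cas:profile>"
            + "<cas:group>007</cas:group></cas:attributes></cas:authenticationSuccess>"
            + "</cas:serviceResponse>";
        Principal p = parse(xml);
        System.out.println(p.user() + " " + p.attributes() + " admin=" + mayAdminister(p));
    }
}
```

The attributes are only as trustworthy as the channel they arrive on: the response must come from the client's own back-channel HTTPS request to the CAS server's validation endpoint, never from anything the browser supplies.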
