> My intention is to use the LDAP groups to populate the authorities in CAS.
> So I could use this to implement authorization.

CAS does not do authz, but it does release attributes to the client via SAML11 to support the client making authz decisions. Implementation sketch follows:

1. Configure a principal resolver that queries the directory for group information [1]
2. Ensure service management is configured to release attributes to the applications that need it [2]
3. Consume attributes by configuring clients to speak SAML [3]
4. Do client-specific integration to map attributes onto roles/granted authorities.

M

[1] https://wiki.jasig.org/display/CASUM/Attributes#Attributes-PopulatePrincipal'sattributeswithLDAPrepository
[2] https://wiki.jasig.org/display/CASUM/Services+Management
[3] https://wiki.jasig.org/display/CASUM/SAML+1.1
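
Added example, not part of the original message and not code from CAS or any CAS client: a client-side sketch of steps 3 and 4, reading group values out of a SAML 1.1 validation response and mapping them to roles through an explicit allowlist. The attribute name `memberOf`, the group DNs, the role names and the sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:1.0:protocol"}

# Assumed names: the attribute CAS releases and this application's group-to-role map.
GROUP_ATTRIBUTE = "memberOf"
GROUP_TO_ROLE = {
    "cn=app-admins,ou=groups,dc=example,dc=org": "ROLE_ADMIN",
    "cn=app-users,ou=groups,dc=example,dc=org": "ROLE_USER",
}

# Constructed sample of a SAML 1.1 validation response (SOAP envelope omitted).
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
      <saml:Attribute AttributeName="memberOf" AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml:AttributeValue>CN=app-users,OU=groups,DC=example,DC=org</saml:AttributeValue>
        <saml:AttributeValue>CN=printers,OU=groups,DC=example,DC=org</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def authorities_from_response(xml_text):
    """Return (username, sorted roles); raise ValueError unless status is Success."""
    root = ET.fromstring(xml_text)
    status = root.find(".//samlp:StatusCode", NS)
    if status is None or status.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("CAS did not report a successful validation")
    name = root.find(".//saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise ValueError("response carries no subject")
    roles = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("AttributeName") != GROUP_ATTRIBUTE:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            # DNs are compared case-insensitively; unmapped groups grant nothing.
            role = GROUP_TO_ROLE.get((value.text or "").strip().lower())
            if role:
                roles.add(role)
    return name.text.strip(), sorted(roles)
```

The sketch assumes the response was fetched by the client directly from the CAS server over HTTPS; the allowlist means a directory group the application does not know about never becomes a role.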
