One of our needs is access governing, that is, CAS controls who can and who cannot SSO to any of our apps based on the users' role (faculty, staff and student) in the institution.
CAS does not support centralized authorization policy. The model it supports out of the box is to release metadata about a user from the authentication system of record, and it is the responsibility of the relying part (CAS client) to enforce security policy based on that information. That said you could implement centralized access control by extending the ServiceRegistry component. Indeed, I believe such a system has been implemented by at least one member of the CAS community. (I recall Unicon did something of this sort for a school; maybe one of those folks can speak up with more info.)
M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
