This facility has been implemented and released in cas-addons. Take a look to see if it would satisfy your needs: https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

Best,
Dmitriy.

On Jun 12, 2013, at 3:21 PM, Marvin S. Addison <[email protected]> wrote:

>> One of our needs is access
>> governing, that is, CAS controls who can and who cannot SSO to any of
>> our apps based on the users' role (faculty, staff and student) in the
>> institution.
>
> CAS does not support centralized authorization policy. The model it supports
> out of the box is to release metadata about a user from the authentication
> system of record, and it is the responsibility of the relying party (CAS
> client) to enforce security policy based on that information. That said, you
> could implement centralized access control by extending the ServiceRegistry
> component. Indeed, I believe such a system has been implemented by at least
> one member of the CAS community. (I recall Unicon did something of this sort
> for a school; maybe one of those folks can speak up with more info.)
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
