See also Webinar about experience implementing this feature at Fordham, from which project the cas-addons code derives:
https://unicon.adobeconnect.com/_a989300636/p6lj8afl7h3/ Slideware from Jasig-Sakai conference at which solution presented: https://wiki.jasig.org/x/ERIoAw Enjoy. Andrew On Wed, Jun 12, 2013 at 3:25 PM, Dmitriy Kopylenko <[email protected]>wrote: > This facility has been implemented and released in cas-addons. Take a look > to see if it would satisfy your needs: > https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization > > Best, > Dmitriy. > > On Jun 12, 2013, at 3:21 PM, Marvin S. Addison <[email protected]> > wrote: > > One of our needs is access > governing, that is, CAS controls who can and who cannot SSO to any of > our apps based on the users' role (faculty, staff and student) in the > institution. > > > CAS does not support centralized authorization policy. The model it > supports out of the box is to release metadata about a user from the > authentication system of record, and it is the responsibility of the > relying part (CAS client) to enforce security policy based on that > information. That said you could implement centralized access control by > extending the ServiceRegistry component. Indeed, I believe such a system > has been implemented by at least one member of the CAS community. (I recall > Unicon did something of this sort for a school; maybe one of those folks > can speak up with more info.) > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
