Can you give an example of what you mean with "various policies"?
The CAS service manager ships with the ability to explicitly deny
proxy capability to registered services. We make healthy use of this
feature at Virginia Tech. I'm sure I could invent additional policies
if pressed.
IIUC you control CAS, but you don't control the implementation of the
registered services, right?
In practice you control both, since registered service components are
part of the CAS server. In order to implement additional proxy
authentication controls, one strategy would be to add additional
registered service metadata that is enforced by other CAS components.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
