There's nothing built in to CAS to do authorization. The typical solution is to release an attribute, such as eduPersonPrimaryAffiliation, that describes the user's primary affiliation with your organization and each service would be responsible for reading that attribute and deciding if the user is authorized or not.
That being said, Unicon's 'cas-addons' package gives you the ability to add authorization decisions to the CAS server web-flow. You can limit a particular service to only users with particular attribute values - everyone else is redirected to a custom error URL. More information is here:

https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

--
Eric Pierce
Identity Management Architect
Information Technology
University of South Florida
(813) 974-8868 -- [email protected]

________________________________
From: Jeff Abernathy <[email protected]>
Sent: Wednesday, October 30, 2013 3:10 PM
To: [email protected]
Subject: [cas-user] Limiting an application to use specific directory or OU

Hello,

We have successfully deployed CAS here using two different directories, one that contains our active users, and one that contains both our active and legacy (alum, graduates, former employees). This has worked pretty well, allowing us to seamlessly provide services to users from both directories. As we are presently configured, attributes are provided from just one of the directories.

What I'm looking for is a way to possibly limit specific applications to authenticating to one directory or the other. For instance, limiting one of our email products to only be with active employees, but allowing all to have access to another email product.

Is there something I'm missing within CAS, or is this something to be done within the specific application? If it's within the application, is there a way to pass on the authenticating directory? Or is this something better done with attributes?
Thanks,
Jeff Abernathy

________________________________
Jeff Abernathy
[email protected]
314-977-2019
Manager Web, Portal, Collaboration Services
Information Technology Services
Saint Louis University
ITS <http://www.slu.edu/its> | Saint Louis University <http://www.slu.edu/>
________________________________

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
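
The service-side check described in the reply at the top of this thread, as an added example that is not part of the original messages or of CAS or cas-addons: a service parses the ticket validation response, reads eduPersonPrimaryAffiliation, and denies access unless the value is on its own allow list. It assumes the CAS server releases the attribute inside a `cas:attributes` element of the validation response; the allowed set, the function names and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Assumed policy for one service: active affiliations only (hypothetical set).
ALLOWED = {"staff", "faculty", "employee"}
ATTR = "eduPersonPrimaryAffiliation"


def authorize(validation_xml, allowed=ALLOWED):
    """Return (user, authorized). Anything unexpected is treated as a denial."""
    if "<!DOCTYPE" in validation_xml or "<!ENTITY" in validation_xml:
        return None, False  # a validation response never needs a DTD
    try:
        root = ET.fromstring(validation_xml)
    except ET.ParseError:
        return None, False
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None, False  # ticket was rejected by the CAS server
    user = (success.findtext("cas:user", "", CAS_NS) or "").strip()
    if not user:
        return None, False
    values = [(el.text or "").strip()
              for el in success.findall(f"cas:attributes/cas:{ATTR}", CAS_NS)]
    # Authenticated is not authorized: a missing or repeated value is a denial.
    if len(values) != 1:
        return user, False
    return user, values[0] in allowed


def sample_response(user, affiliation=None):
    """Build a constructed success response, optionally with the attribute."""
    attrs = ""
    if affiliation is not None:
        attrs = f"<cas:attributes><cas:{ATTR}>{affiliation}</cas:{ATTR}></cas:attributes>"
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            f"<cas:authenticationSuccess><cas:user>{user}</cas:user>{attrs}"
            "</cas:authenticationSuccess></cas:serviceResponse>")


# Constructed failure response, as returned for a bad or reused ticket.
FAILURE = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
           "</cas:authenticationFailure></cas:serviceResponse>")

if __name__ == "__main__":
    for xml in (sample_response("jdoe", "staff"), sample_response("asmith", "alum"),
                sample_response("nobody"), FAILURE):
        print(authorize(xml))
```

A user from the legacy directory authenticates successfully in this model, so the decision rests entirely on the released attribute; a response without it is denied rather than allowed.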
