> On 11/12/2013 07:17 AM, Philippe Vandenhove wrote:> I have the same > problem. > > > > Is there somebody who can help ?
The (implicit) solution, to me, seems to have been in the original question: > Is it possible to return the following in SAML 1.1 with CAS: > > Role A for Organization A > Role B for Organization B Perhaps take a look at conventional (SAML-based) federated environments, and rethink the problem in terms of scoped attributes. Common implementations might use (assigned) URNs (urn:SomeRegistry:OrganizationA:...:roleA), more recently URLs (https://OrganizationA/.../roleA), or even something resembling a Kerberos principal (roleA@OrganizationA) or other composition (OrganizationA!scopeA, assuming UUCP is no longer in widespread use). :-) The CAS client or the CAS-protected webapp itself would need to know how to evaluate the value(s) for e.g. authorization. Tom. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
