> Does CAS provide claim-based or form-based authentication? CAS has a pluggable authentication API. The default implementation is to provide credentials in a form, which would classify as "form-based authentication" in .NET parlance. I believe it's possible to develop a claims-based authentication backend, but I'm only familiar with that security architecture in passing and my estimate is hardly informed. My optimism is based on the success rate of integration with a variety of authentication technologies.
> Does the answer depend on what type of user-store you're working with, i.e. > Oracle vs SQL Server? If the back end stores a tuple of userid and digested password, then the store matters only in some configuration details. If the back end is a ticketing system like Kerberos, then the mechanism matters much more as you're not authenticating with a username/credential pair provided by the user. Same goes for token-based authentication (smart card, OTP, etc). M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
