Federico, It sounds like your users should authenticate with CAS to webapp A or B. Those services should request proxy granting tickets for webapp C. They should then request proxy tickets for webapp C and attempt get the user's roles on a back channel.
Your users would never browse to or see webapp C in the scenario I described. Your other webapps would leverage webapp C to get the user role information. Thanks, Carl Waldbieser ITS System Programmer Lafayette College ----- Original Message ----- From: "Federico Paparoni" <[email protected]> To: [email protected] Sent: Monday, November 3, 2014 11:12:56 AM Subject: [cas-user] CAS with User/Role webapp manager Hi all, I have the following scenario: - CAS server - webapp A - webapp B - webapp C : user/app/roles manager, an application that map roles to user/app. Using it i can enable user to enter in a specific application with a list of roles When a user tries to access to webapp A, if not authenticated, the browser redirects to CAS login page. The custom authentication should also retrieve the roles associated with the user. Then the browser is redirected to webapp C, where the user can see a list of link with enabled applications. I read the Proxy CAS Walkthrough ( https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough) and some other documentations on possible architectures but I don't understand if myscenario is suitable with a customization of CAS server. Ideas? Cheers, Federico -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
