The requirement is that user MUST interact directly with both C and A. Ok so proxy authentication is useful only for those scenario I want to protect some services without direct interaction of users. Anything can be done using CAS for my scenario?
Thanks, Federico 2014-11-03 18:13 GMT+01:00 Waldbieser, Carl <[email protected]>: > Federico, > > When a user authenticates to "C", can C transparently get the data it > needs from "A" or "B" if it can authenticate to those service on behalf of > the user? > If so, then you could have CAS proxy authentication work that way, too. > > If the user needs to interact directly with both "C" and "A" (for > example), then you don't want to use proxy authentication. > > Thanks, > Carl > > ----- Original Message ----- > From: "Federico Paparoni" <[email protected]> > To: [email protected] > Sent: Monday, November 3, 2014 12:03:59 PM > Subject: Re: [cas-user] CAS with User/Role webapp manager > > Hi Carl, > > the user must pass through webapp C, because only there is the list of > available apps for a user. An admin on webapp C will select which > applications a user can access. In this way users don't bookmark webapp A/B > or even if they bookmark it the main entry point is webapp C. > > > 2014-11-03 17:26 GMT+01:00 Waldbieser, Carl <[email protected]>: > > > > > Federico, > > > > It sounds like your users should authenticate with CAS to webapp A or B. > > Those services should request proxy granting tickets for webapp C. They > > should then request proxy tickets for webapp C and attempt get the user's > > roles on a back channel. > > > > Your users would never browse to or see webapp C in the scenario I > > described. Your other webapps would leverage webapp C to get the user > role > > information. > > > > Thanks, > > Carl Waldbieser > > ITS System Programmer > > Lafayette College > > > > ----- Original Message ----- > > From: "Federico Paparoni" <[email protected]> > > To: [email protected] > > Sent: Monday, November 3, 2014 11:12:56 AM > > Subject: [cas-user] CAS with User/Role webapp manager > > > > Hi all, > > > > I have the following scenario: > > > > - CAS server > > - webapp A > > - webapp B > > - webapp C : user/app/roles manager, an application that map roles to > > user/app. > > Using it i can enable user to enter in a specific application with a list > > of roles > > > > When a user tries to access to webapp A, if not authenticated, the > > browser redirects > > to CAS login page. The custom authentication should also retrieve the > roles > > associated with the user. Then the browser is redirected to webapp C, > where > > the user can see a list of link with enabled applications. > > > > I read the Proxy CAS Walkthrough ( > > https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough) and some > > other documentations > > on possible architectures but I don't understand if myscenario is > suitable > > with a customization of CAS server. Ideas? > > > > Cheers, > > > > Federico > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > Federico Paparoni > > Blog -- http://fpaparoni.wordpress.com/ > Twitter -- http://twitter.com/fpaparoni > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
