I do this on the service application side. So once authenticated, the service a user is accessing checks their roles/membershipt and allows them in or denies them.
If you are able to pull the "memberof" attributes via CAS you can have your application stop the process based on that alone without needing to make a secondary call to your LDAP or AD inside your service application. On Tue, Feb 3, 2015 at 6:29 AM, Giorgio Maria Santini <[email protected]> wrote: > Hello, > > I'm looking for a way to limit service access on a per-user basis. Thus, I > check for a registeredService, I authenticate the user, and then I want to > stop the authentication process if the user has no the abilty to access the > registeredService. I don't know if there is a built-in facility in Cas or > if I have to customize the login flow to accomplish the task. Imagine I > have users A,B,C, and services S1 and S2, I'd like to be able to say "users > A,B use services S1 and S2. User C uses service S2 not S1". > > Thanks for any suggestion > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- *Michael Seiler* -------------------------------------------------- Systems Integration Engineer Fuller Theological Seminary Phone: (970) 306-6105 [email protected] *Please NOTE:* I respond to email at 8 AM, 1PM, and at 4:30PM. If you need more immediate help, please contact TSS (626.584.5675) and they can route the issue to the appropriate person. If this is a business process life or death emergency, you may call me at the above number. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
