Hello,

First, let's talk about my configuration:

I have a CAS server 4.0 working with an LDAP directory.
I have a portal that works as a proxy (portal.mydomain.com).
I have multiple CAS client applications (app1.mydomain.com, app2.mydomain.com...).

One of the functionalities of the portal is to facilitate the use of the different applications. For common tasks, instead of asking the user to go to the app, I have a clear form on the portal that will just call a WS on the application, for example. Obviously, to do so, I need to manage the different permissions of all the types of user on the portal as well as on the applications.

For example, I have a permission on the portal to write content on the app1. I give this permission to one of my users and he will have access to a simplified form. However, as long as I haven't given him the permission to write content on the app1, he won't be able to do anything. Currently I'm giving the permission on both the application but it's tiring. If in some months I have to do it for X applications it will quickly become unmanageable.

Easy solution: writing all my portal permissions in an array and saving it in an unused LDAP attribute. It will most likely work, but I want to make things clean.

Solution envisaged: create a simple API on the portal that lists the permissions for each user. The goal is to call the API from the app, so I've created a button on my app that is supposed to synchronize all the permissions. On the click I initialize my app as a proxy with phpCAS and am doing the same protocol I do on the portal to make a correct request to the portal; however, it does not work. I think it's because the portal is a proxy and not a client.

Can you confirm? Do you know a clean solution to do what I try to do?

Thanks :)
