Allen,

It's trivial to do the single sign on part with CAS (as CAS is a single sign on solution ;-)). Generally, however, role management is not done in CAS, though it's not impossible to do.

You would need a custom Principal type with a custom CredentialsToPrincipal resolver to populate the principal with the service->role mappings. Then you would need to customize the protocol JSP page to retrieve the role based on the service. That's the easy part. On the client side, however, you'd have to modify the client libraries to recognize the extended XML.

-Scott

Scott Battaglia
Application Developer, Architecture & Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED]

Allen Young wrote:
> Hi,
>
> My question is as follows:
>
> Say I have two web applications, App1 and App2, each of which has
> different username/password and role management, because they are both
> legacy systems. Now I want to use CAS to implement sso for these two
> applications. For example, one user called "Jack" has a
> username/password "jack1/jack1" with a role "user" in App1 and a
> username/password "jack2/jack2" with a role "admin" in App2. The best
> result is that he needs to visit only one application, this would lead
> him to CAS's login page, after his login, he could get into App1 as a
> "user" and App2 as an "admin".
>
> Can I use CAS to implement this? If so, How? Thanks a lot!
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
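
As an added example (not part of the original thread, and not code from CAS or any CAS client library): a client-side parser for a CAS 2.0 validation response that carries the kind of extended XML described in the reply above. The `<cas:role>` element name, the function and exception names, and the sample responses are assumptions constructed for illustration; the parser fails closed when the role is missing, duplicated or unknown to the application.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0 validation responses
NS = {"cas": CAS_NS}

class ValidationError(Exception):
    """The validation response must not be trusted."""

def parse_validation(xml_text, allowed_roles):
    """Return (user, role) from a response extended with a hypothetical <cas:role>."""
    # The response never needs a DTD, so refuse one before parsing (entity abuse).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValidationError("DTD not allowed in validation response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValidationError(f"malformed response: {exc}") from exc
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise ValidationError("unexpected root element")
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        failure = root.find("cas:authenticationFailure", NS)
        code = failure.get("code", "UNKNOWN") if failure is not None else "UNKNOWN"
        raise ValidationError(f"ticket rejected: {code}")
    user = (success.findtext("cas:user", default="", namespaces=NS) or "").strip()
    if not user:
        raise ValidationError("missing cas:user")
    roles = [r.text.strip() for r in success.findall("cas:role", NS) if r.text]
    # Exactly one role, and one this application defines; anything else is rejected.
    if len(roles) != 1 or roles[0] not in allowed_roles:
        raise ValidationError("missing, duplicate or unknown role")
    return user, roles[0]

def _response(inner):
    """Wrap constructed sample content in the CAS 2.0 envelope."""
    return f'<cas:serviceResponse xmlns:cas="{CAS_NS}">{inner}</cas:serviceResponse>'

# Constructed samples: the same login mapped to a different role per service.
SAMPLE_APP1 = _response("<cas:authenticationSuccess><cas:user>jack</cas:user>"
                        "<cas:role>user</cas:role></cas:authenticationSuccess>")
SAMPLE_APP2 = _response("<cas:authenticationSuccess><cas:user>jack</cas:user>"
                        "<cas:role>admin</cas:role></cas:authenticationSuccess>")
SAMPLE_NO_ROLE = _response("<cas:authenticationSuccess><cas:user>jack</cas:user>"
                           "</cas:authenticationSuccess>")
SAMPLE_FAILURE = _response('<cas:authenticationFailure code="INVALID_TICKET">'
                           "ticket not recognized</cas:authenticationFailure>")

if __name__ == "__main__":
    print(parse_validation(SAMPLE_APP1, {"user", "admin"}))
    print(parse_validation(SAMPLE_APP2, {"user", "admin"}))
```
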
