I use CAS for the "main log in". Using shibolet i get roles from ldap server (ex "administrator","student"). Then i use a jsp-login-tomcat-authform-style to make access based only on user's role. So i can have different "roles-access" for different web-apps.
It's a little dirty but work well :-) CAS -> get login -> CAS auth -> get roles -> jsp/tomcat auth -> webapps > > > On 10/21/06, Ery Atmodjo <[EMAIL PROTECTED]> wrote: > > > > Dear all > > > > I am interrested in SSO, and in particular in CAS. However, I want to > make sure that CAS can satisfy our need. > > > > Suppose I plan to authenticate a group of users, say staff, through CAS, > to access for example squirrelmail, e-learning application, library library > application. > > > > To another group of users, say student, I plan to authenticate them > directly to one or more application mentioned above, because they are not > registered in LDAP. > > > > Therefore, a staff can login to squirrelmail, e-learning application and > library application, directly or trough CAS, while student can only login to > e-learning application or library application directly to the application. > > > > Is my scenario might work with CAS? > > > > Thank for answer(s) > > > > Ery > > > > > > ________________________________ > Do you Yahoo!? > > Everyone is raving about the all-new Yahoo! Mail. > > > > > > _______________________________________________ _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
