Hi
I want to create a CAS-based central authentication and authorization server
reading user information
from DB, but I know that cas-clients should implement a UserDetailsService
which connecting to DB retrieves
user information.
Now I want to centralize the user information in the central CAS-based server,
and offer web-based user
information service. I mean I will create a secure web page on cas server
acting like a web service: it
takes username as the input and returns user information as the output. Now in
cas-clients I should implement
a method based on http-client, which connects to cas-server secure method and
retrieves the user information.
In short: I want a UserDetailsService implementation on clients which connects
to cas-server and retrieves user
information.
(I don't use webservice because I don't know how web service method
authentication integrates with cas authentication.)
This architecture has some benefits: Authentication and user information is
centralized in a separate isolated server
and other clients do not know anything about db schema and authentication
implementation mechanisms.
Now I have two questions:
Do you have any comment on this architecture?
How can I express cookie information in HTTP-CLIENT application, so that
cas-server can ensure the validity of
http-client remote applications?
Excuse me for the long question
Best Regards
Sadegh Aliakbary
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now._______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
