I'm working on a distributed authentication/authorization environment that will maintain a list of principals that each user/entity is currently authenticated with in order to manage principal-based role management as well as provide a consolidated sign-out system. ACEGI will populate the distributed list of authenticated principals. We don't have an existing CAS or ACEGI configuration.

My current issue is determining "the best" way to implement this. Watching the CAS server's logs roll by, I see it attempting each authenticationHandler until it succeeds, so clearly it's possible to intercept that process chain and somehow provide that info for ACEGI. On the other hand, I've been reading about methods for ACEGI to accomplish this. One method suggests using the ACEGI CasAuthenticationHandler, another suggests using the ServiceTicket to access the TicketRegistry to get the Authentication object.

1. Does anyone have a working sample of this interaction?
2. Do those 3 methods summarize my options? Are any of them outdated?
3. What method makes the most sense?

I'm definitely leaning towards an ACEGI configuration to manage this, since it's foreseeable that this system would be used with existing CAS servers so leaving CAS out-of-box is preferred.

Larry Symms

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
