Hi Andrew - Thanks for your help! Yes, I did see that on the wiki about using multiple authentication handlers.
I guess this boils down to the question of authentication/authorization. I realize that CAS is strictly just for authenticating a user. I was just wondering if maybe there was *some* type of authorization ability, even if it was something very high level.

Thanks again,
Jin

Andrew R Feller wrote:
>
> Jin,
>
> With CAS, you can set up multiple authentication handlers and specify the
> order users are authenticated against them. In the
> /WEB-INF/deployerConfigContext.xml file, there is an authenticationManager
> bean that has a property called authenticationHandlers, which is an ordered
> list of authentication handlers. Since both intranet and extranet users
> should be authenticated against AD first, I would put the handler for AD
> first and then the JDBC handler.
>
> For more information on available handlers and how to configure them, check
> out the following JA-SIG CAS wiki articles:
>
> http://www.ja-sig.org/wiki/display/CASUM/Active+Directory
> http://www.ja-sig.org/wiki/display/CASUM/JDBC
>
> As far as AD authentication goes, I've used both LDAP and Kerberos. If you
> can swing LDAP, I'd go that route as older versions of Sun Java have a
> memory leak in the KerberosLogin module used by Kerberos authentication.
>
> HTH,
> Andrew
>
> On 7/1/08 3:21 PM, "auron" <[EMAIL PROTECTED]> wrote:
>
>>
>> Hello all -
>>
>> We have an intranet for our employees and an extranet for employees +
>> clients. Our intranet uses CAS + BindLDAP and everything works great.
>>
>> We have been designing our extranet and have run into a question:
>>
>> 1 - Can CAS authenticate users separately based on the domain, or some other
>> qualifier? Ideally, we would like to use the same CAS to authenticate our
>> extranet and intranet users. The intranet can authenticate based on AD, and
>> the extranet can authenticate based on AD + JDBC of our clients.
>>
>> 2 - If this is not possible, would running 2 separate CAS servers be our
>> only option?
>>
>> Thank you very much
>>
>> Jin Lee
>
> --
> Andrew R. Feller, Analyst
> Information Technology Services
> 200 Fred Frey Building
> Louisiana State University
> Baton Rouge, LA 70803
> (225) 578-3737 (Office)
> (225) 578-6400 (Fax)
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>

--
View this message in context: http://www.nabble.com/separate-authentication-handlers-based-on-domain--tp18224484p18240358.html
Sent from the CAS Users mailing list archive at Nabble.com.
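
The ordered handler list described in the quoted reply, sketched as an added example (not taken from the thread or from the CAS project's shipped configuration). It assumes CAS 3.x class names; the bean ids `contextSource` and `clientDataSource`, the search base, and the table and column names are placeholders.

```xml
<!-- Added example: fragment of /WEB-INF/deployerConfigContext.xml (CAS 3.x). -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">

  <!-- credentialsToPrincipalResolvers omitted here; keep the entries
       from your existing file. -->

  <property name="authenticationHandlers">
    <list>
      <!-- 1. Active Directory via LDAP bind. Tried first for every login,
              so employees authenticate here for intranet and extranet. -->
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="sAMAccountName=%u" />
        <!-- Placeholder search base. -->
        <property name="searchBase" value="ou=Staff,dc=example,dc=org" />
        <!-- Assumed id of the LDAP context source bean defined elsewhere. -->
        <property name="contextSource" ref="contextSource" />
      </bean>

      <!-- 2. Client accounts in a database. Consulted only when the AD
              handler did not authenticate the submitted credentials. -->
      <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <!-- Assumed id of a javax.sql.DataSource bean defined elsewhere. -->
        <property name="dataSource" ref="clientDataSource" />
        <!-- Placeholder table and column names; the query must return the
             stored password value for the given username. -->
        <property name="sql"
                  value="SELECT password FROM client_users WHERE username = ?" />
        <!-- Set the passwordEncoder property to match how the table stores
             password hashes; without it the handler compares plaintext. -->
      </bean>
    </list>
  </property>
</bean>
```

The handler list applies to every login regardless of which application requested it, so an account in the client database can obtain a ticket for the intranet as well; each application still has to decide whether the authenticated principal is allowed in. Keep usernames in the two stores disjoint, since a failed AD bind falls through to the JDBC handler with the same username.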
