Jin,

For authorization, you can look into Spring Security (a.k.a. ACEGI) at http://www.acegisecurity.org/; it is what people typically use with CAS.

HTH,
Andrew

On 7/2/08 10:33 AM, "auron" <[EMAIL PROTECTED]> wrote:

> Hi Andrew -
>
> Thanks for your help! Yes, I did see that on the wiki about using multiple
> authentication handlers.
>
> I guess this boils down to the question of authentication/authorization. I
> realize that CAS is strictly just for authenticating a user. I was just
> wondering if maybe there was *some* type of authorization ability, even if
> it was something very high level.
>
> Thanks again,
> Jin
>
> Andrew R Feller wrote:
>>
>> Jin,
>>
>> With CAS, you can set up multiple authentication handlers and specify the
>> order users are authenticated against them. In the
>> /WEB-INF/deployerConfigContext.xml file, there is an authenticationManager
>> bean that has a property called authenticationHandlers, which is an
>> ordered list of authentication handlers. Since both intranet and extranet
>> users should be authenticated against AD first, I would put the handler
>> for AD first and then the JDBC handler.
>>
>> For more information on available handlers and how to configure them,
>> check out the following JA-SIG CAS wiki articles:
>>
>> http://www.ja-sig.org/wiki/display/CASUM/Active+Directory
>> http://www.ja-sig.org/wiki/display/CASUM/JDBC
>>
>> As far as AD authentication goes, I've used both LDAP and Kerberos. If
>> you can swing LDAP, I'd go that route as older versions of Sun Java have a
>> memory leak in the KerberosLogin module used by Kerberos authentication.
>>
>> HTH,
>> Andrew
>>
>> On 7/1/08 3:21 PM, "auron" <[EMAIL PROTECTED]> wrote:
>>
>>> Hello all -
>>>
>>> We have an intranet for our employees and an extranet for employees +
>>> clients. Our intranet uses CAS + BindLDAP and everything works great.
>>>
>>> We have been designing our extranet and have run into a question:
>>>
>>> 1 - Can CAS authenticate users separately based on the domain, or some
>>> other qualifier? Ideally, we would like to use the same CAS to
>>> authenticate our extranet and intranet users. The intranet can
>>> authenticate based on AD, and the extranet can authenticate based on
>>> AD + JDBC of our clients.
>>>
>>> 2 - If this is not possible, would running 2 separate CAS servers be our
>>> only option?
>>>
>>> Thank you very much
>>>
>>> Jin Lee
>>
>> --
>> Andrew R. Feller, Analyst
>> Information Technology Services
>> 200 Fred Frey Building
>> Louisiana State University
>> Baton Rouge, LA 70803
>> (225) 578-3737 (Office)
>> (225) 578-6400 (Fax)
>>
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas

--
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
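
The ordered handler list described in the quoted reply above, as an added example that is not part of the original thread: a fragment of /WEB-INF/deployerConfigContext.xml with the AD (LDAP bind) handler first and the JDBC handler second. Class and property names are those of CAS 3.x; the LDAP filter and search base, the SQL statement, and the bean ids contextSource, clientDataSource and clientPasswordEncoder are assumed placeholders defined elsewhere in the file.

```xml
<!-- Added example, not from the thread. Fragment for CAS 3.x. -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">

  <!-- Turns accepted username/password credentials into a principal (the username). -->
  <property name="credentialsToPrincipalResolvers">
    <list>
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
    </list>
  </property>

  <!-- Handlers are tried top to bottom; the first one that accepts
       the credentials authenticates the user and the rest are skipped. -->
  <property name="authenticationHandlers">
    <list>
      <!-- 1. Active Directory via LDAP bind: employees (intranet and extranet). -->
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="sAMAccountName=%u"/>
        <!-- Placeholder search base: replace with your directory's DN. -->
        <property name="searchBase" value="ou=Users,dc=example,dc=com"/>
        <!-- Assumed bean id of the LDAP context source. -->
        <property name="contextSource" ref="contextSource"/>
      </bean>

      <!-- 2. JDBC: extranet clients, consulted only if the AD bind fails. -->
      <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <!-- Assumed bean id of the client database's DataSource. -->
        <property name="dataSource" ref="clientDataSource"/>
        <!-- Placeholder table and column names; must return the stored password value. -->
        <property name="sql" value="SELECT password_hash FROM clients WHERE username = ?"/>
        <!-- Assumed bean id; must match how the stored values were hashed. -->
        <property name="passwordEncoder" ref="clientPasswordEncoder"/>
      </bean>
    </list>
  </property>
</bean>
```

With this chain the principal handed to applications is just the username, so a client row whose username matches an AD account would look like that employee to downstream services. Keep the two username namespaces disjoint, and leave the intranet/extranet access decision to the authorization layer in each application.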
