I was looking through the CAS mailing list and came across your email about CAS authorization. I was curious to know if you have found out a way to implement the authorization piece into CAS. We are actually wanting to want the server to authorize the user instead of leaving that up to the client, leaving the control of authorization of the applications to us.
Any insight that you have into CAS authorization will be much help. Thanks! Jeremy Wickham Senior Programmer Analyst Enterprise Information Systems [EMAIL PROTECTED] (662) 325-9173 >>> dale77 <[EMAIL PROTECTED]> 8/7/2008 8:38 PM >>> My understanding is that CAS is an authentication technology, with authorization being solely the responsibility of the client service. I believe it makes sense for CAS to provide for authorization where it is a requirement that a service absolutely not be accessible to a given user. I came up with the following flow: 1. User hits service protected by SSO 2. Service redirects to CAS 3. User enters creds into CAS 4. CAS authenticates user 5. If authentication FAILS -> "your credentials are not authentic" STOP 6. NEW!! CAS authorizes user for service (CAS level authorization) 7. NEW!! If authorization FAILS -> "sorry you are not authorized to use that service" STOP 8. CAS redirects back to service with service ticket 9. Service validates service ticket 10. Service authorizes User (service level authorization, as it is done today) 11. User accesses service Has anyone implemented anything like the above in CAS, or do people think that this sort of functionality would be desirable? The advantage is that the service never hears from an "authenticated" user, and authorization is managed by the CAS implementor for that particular service. Dale -- View this message in context: http://www.nabble.com/CAS-authorization-tp18883610p18883610.html Sent from the CAS Users mailing list archive at Nabble.com. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
