I was looking through the CAS mailing list and came across your email about CAS 
authorization. I was curious to know if you have found out a way to implement 
the authorization piece into CAS. We actually want the server
to authorize the user instead of leaving that up to the client, leaving the
control of authorization of the applications to us.

Any insight that you have into CAS authorization will be of much help.

Thanks!


Jeremy Wickham
Senior Programmer Analyst
Enterprise Information Systems
[EMAIL PROTECTED]
(662) 325-9173

>>> dale77 <[EMAIL PROTECTED]> 8/7/2008 8:38 PM >>>

My understanding is that CAS is an authentication technology, with
authorization being solely the responsibility of the client service.

I believe it makes sense for CAS to provide for authorization where it is a
requirement that a service absolutely not be accessible to a given user. I
came up with the following flow:

1. User hits service protected by SSO
2. Service redirects to CAS
3. User enters creds into CAS
4. CAS authenticates user
5. If authentication FAILS -> "your credentials are not authentic" STOP
6. NEW!! CAS authorizes user for service (CAS level authorization)
7. NEW!! If authorization FAILS -> "sorry you are not authorized to use that
service" STOP
8. CAS redirects back to service with service ticket
9. Service validates service ticket
10. Service authorizes User (service level authorization, as it is done
today)
11. User accesses service

Has anyone implemented anything like the above in CAS, or do people think
that this sort of functionality would be desirable? The advantage is that
the service never hears from an "authenticated" user, and authorization is
managed by the CAS implementor for that particular service.

Dale

-- 
View this message in context: 
http://www.nabble.com/CAS-authorization-tp18883610p18883610.html 
Sent from the CAS Users mailing list archive at Nabble.com.

_______________________________________________
Yale CAS mailing list
[email protected] 
http://tp.its.yale.edu/mailman/listinfo/cas
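
The flow dale77 proposes above, modeled in Python as an added example; it is not part of the original thread and is not CAS code. `ToyCas`, `LoginDenied`, the sample users and the per-service access list are hypothetical, constructed for illustration. The model also binds each service ticket to one service and one use, so steps 8 and 9 can be exercised.

```python
import hmac
import secrets

# Constructed sample data: credentials and, per service, the users CAS admits.
# Plaintext passwords are used only to keep the model short.
USERS = {"alice": "correct horse", "bob": "battery staple"}
SERVICE_ACL = {
    "https://payroll.example.edu/": {"alice"},
    "https://wiki.example.edu/": {"alice", "bob"},
}


class LoginDenied(Exception):
    """Raised at step 5 (not authentic) or step 7 (not authorized)."""


class ToyCas:
    def __init__(self, users, acl):
        self._users, self._acl = users, acl
        self._tickets = {}  # ticket -> (user, service); removed when validated

    def _authenticate(self, user, password):
        expected = self._users.get(user)
        # Constant-time comparison of the submitted and stored password.
        return expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())

    def login(self, service, user, password):
        # Steps 3-5: authentication comes first and fails closed.
        if not self._authenticate(user, password):
            raise LoginDenied("your credentials are not authentic")
        # Steps 6-7: CAS-level authorization, deny by default.
        # A service with no ACL entry admits nobody.
        if user not in self._acl.get(service, set()):
            raise LoginDenied("sorry you are not authorized to use that service")
        # Step 8: a ticket is issued only after both checks pass.
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = (user, service)
        return ticket

    def validate(self, service, ticket):
        # Step 9: a ticket is single-use and only valid for the service it
        # was issued for. pop() consumes it even when the service mismatches.
        user, issued_for = self._tickets.pop(ticket, (None, None))
        return user if issued_for == service else None
```

Step 10 stays with the service: the name returned by `validate` says who the user is and that CAS admitted them, and the service can still apply finer-grained rules of its own.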
