Yes, this is exactly what I meant (authorization, not authentication)
and I apologize for the confusion. I will pursue this route and see
what I can manage. If anyone else has done this before with FIMS,
please let me know; if not, once I have it working I will post the
"how-to" here (unless there's a better place to do so).
On Nov 17, 2008, at 10:00 AM, [EMAIL PROTECTED] wrote:
What you are describing sounds more like authorization than
authentication. "use CAS to determine a user's eligibility to view
content".
We use CAS attributes to support authorization in various web
applications. Authorization is done serverside using CAS client
libraries to handle a customized "CAS 2.0+attributes" response or
the SAML response (which supports attributes without customization).
Basically, if you can get attributes back in the validation response
from CAS, you can use these for authorization in the CAS protected
app.
Sorry, no experience with FIMS. Our only use of flash "clientside"
with CAS has been to create a flash app that uses the RESTful API to
obtain a TGT and service tickets to access service urls as required.
http://www.ja-sig.org/wiki/display/CASUM/RESTful+API.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
