I have not yet done an exhaustive search of the list archive, so this question may have already been addressed, but I'm throwing it out to the list nonetheless.

Has anyone dealt with the following:

- One of our departments is in the process of standing up an application that they wish to CAS-enable and that will support multiple constituencies (student/faculty/staff/alumni)
- I have two LDAP sources (one for student/faculty/staff and one for alumni)
- Each source has differing attributes that will need to be returned (via samlValidate) for the authenticated user
- It is possible (to the tune of 1100 accounts) to have duplicate uids in the LDAP sources. That is a "uid=steven" can exist in both the student/faculty/staff LDAP and in the Alumni LDAP AND the two ids do not necessarily represent the same person.
- I've been asked to come up with a solution, so that CAS can authenticate the user, regardless of LDAP source (that's the easy part as CAS already supports multiple LDAP sources) AND release the correct attributes for the authenticated ID (the hard part).

I'm hoping that someone has had to deal with and has solved this problem.

We are considering standing up two separate CAS instances; one for each LDAP source; configured to release the respective attributes. This would mean that the front-end of the web application would have two login choices, one for student/faculty/staff and one for alumni and the user would have to pick the appropriate login. Not a very elegant solution and one we have never tried before.

Has anyone implemented multiple CAS instances in this way? What are the issues in doing so? Were you able to work around the issues? How? Do you have examples/code that you can share?

In the meantime I'll search the list.

Thanks.

-Mike

_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
