I have not yet done an exhaustive search of the list archive, so this
question may have already been addressed, but I'm throwing it out to the
list nonetheless.

 

Has anyone dealt with the following:

 

- One of our departments is in the process of standing up an application
  that they wish to CAS-enable and that will support multiple
  constituencies (student/faculty/staff/alumni).

- I have two LDAP sources (one for student/faculty/staff and one for
  alumni).

- Each source has differing attributes that will need to be returned (via
  samlValidate) for the authenticated user.

- It is possible (to the tune of 1100 accounts) to have duplicate uids in
  the LDAP sources. That is, a "uid=steven" can exist in both the
  student/faculty/staff LDAP and in the Alumni LDAP AND the two ids do not
  necessarily represent the same person.

- I've been asked to come up with a solution, so that CAS can authenticate
  the user, regardless of LDAP source (that's the easy part as CAS already
  supports multiple LDAP sources) AND release the correct attributes for
  the authenticated ID (the hard part).

 

I'm hoping that someone has had to deal with and has solved this problem.
We are considering standing up two separate CAS instances; one for each LDAP
source; configured to release the respective attributes. This would mean
that the front-end of the web application would have two login choices, one
for student/faculty/staff and one for alumni and the user would have to pick
the appropriate login.  Not a very elegant solution and one we have never
tried before.

 

Has anyone implemented multiple CAS instances in this way?  What are the
issues in doing so?  Were you able to work around the issues? How?  Do you
have examples/code that you can share?  In the meantime I'll search the
list.

 

Thanks.

-Mike


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
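
The uid collision described in this message, as an added illustration that is not part of the original post and is not CAS code or configuration: attribute lookup keyed on the uid alone releases the wrong person's attributes, while a lookup keyed on the (source, uid) pair that actually authenticated does not. The directory names, attribute names, passwords and the `authSource` attribute are constructed assumptions, and the in-memory dictionaries stand in for the two LDAP sources.

```python
import hmac

# Constructed sample data: both directories hold uid "steven", two different people.
CAMPUS = {"steven": {"password": "pw-campus",
                     "attrs": {"affiliation": "staff", "department": "Registrar"}}}
ALUMNI = {"steven": {"password": "pw-alumni",
                     "attrs": {"affiliation": "alumni", "classYear": "1998"}}}
SOURCES = [("campus", CAMPUS), ("alumni", ALUMNI)]  # tried in this order


def authenticate(uid, password):
    """Return (source, uid) for the directory whose credentials matched, else None.
    The password comparison stands in for an LDAP bind against that source."""
    for name, directory in SOURCES:
        entry = directory.get(uid)
        if entry is not None and hmac.compare_digest(entry["password"], password):
            return (name, uid)
    return None


def attributes_by_uid_only(uid):
    """Flawed: searches again by uid and takes the first directory that has it."""
    for _name, directory in SOURCES:
        if uid in directory:
            return dict(directory[uid]["attrs"])
    return {}


def attributes_by_principal(principal):
    """Source-aware: reads attributes only from the directory that authenticated."""
    source, uid = principal
    attrs = dict(dict(SOURCES)[source][uid]["attrs"])
    attrs["authSource"] = source  # lets the application tell the two "steven"s apart
    return attrs


def login(uid, password, source_aware=True):
    """Authenticate, then release attributes using the chosen lookup strategy."""
    principal = authenticate(uid, password)
    if principal is None:
        return None
    if source_aware:
        return attributes_by_principal(principal)
    return attributes_by_uid_only(principal[1])


if __name__ == "__main__":
    print(login("steven", "pw-alumni", source_aware=False))  # campus attributes released
    print(login("steven", "pw-alumni", source_aware=True))   # alumni attributes released
```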
