On 8/11/07, Phillip Rhodes <[EMAIL PROTECTED]> wrote:
> A few extra notes and points of clarification... anybody who's
> trying to implement SSO probably already understands these
> issues (or at least these kinds of issues) but just in case it
> will help somebody:

Thanks for posting these notes Phillip.

> This configuration still uses the same roller database tables
> and information for authorization. That is, after a user is
> authenticated using CAS, the code will try to look that username
> up in the roller db, in order to set the authorities for the
> user. Additionally, I imagine the Roller code - at some level - expects
> entries in whichever table it uses for user information so it can
> maintain associations between a given user and their blog, etc.

I hope to be breaking some of those associations in 4.1 and make it possible to externalize Roller's user and permissions management. Check the proposal here:

http://cwiki.apache.org/confluence/display/ROLLER/Proposal+Externalize+User+And+Permissions+Management

- Dave
