Hi, SSO is useful when you have several applications and you want to authenticate just once. You share your identity across applications. CAS is a good solution for that: authenticating once and accessing many applications.
CAS is not addressing authorizations directly, which are handled at the application level, but when the user logs in at the CAS server, a profile is created for this user (retrieved from a database, for example) and this profile is pushed to the application when the user accesses it (SAML validation only). With the user profile, the application can define what the authorizations of the user should be.

Ehcache+TerraCotta can be used to share a session across many applications. It brings some constraints: a session cookie shared on a global common domain or transferred through URLs.

I proposed the CAS support in Shiro: don't hesitate to ask me more questions on CAS...

Best regards,
Jérôme

--
View this message in context: http://shiro-user.582556.n2.nabble.com/use-CAS-for-SSO-authentication-and-JdbcRealm-for-authentication-tp7577762p7577763.html
Sent from the Shiro User mailing list archive at Nabble.com.
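
As an added illustration, not part of the original message: a `shiro.ini` fragment using the shiro-cas classes with SAML validation, so that attributes in the profile pushed by the CAS server become Shiro roles that the application's URL rules check. The host names, the `/shiro-cas` callback path, the `/admin/**` path and the attribute name `memberOf` are assumptions for the example.

```ini
[main]
# Filter that receives the service ticket on the callback URL and
# hands it to the realm for validation against the CAS server.
casFilter = org.apache.shiro.cas.CasFilter
casFilter.failureUrl = /error.jsp

casRealm = org.apache.shiro.cas.CasRealm
# Placeholder hosts. Use https on both sides so the ticket and the
# returned profile are not exposed in transit.
casRealm.casServerUrlPrefix = https://cas.example.org/cas/
casRealm.casService = https://app.example.org/shiro-cas
# SAML validation, the mode in which the message says the profile
# is pushed to the application.
casRealm.validationProtocol = SAML
# Profile attribute(s) whose values are treated as role names
# (assumed attribute name; depends on what the CAS server releases).
casRealm.roleAttributeNames = memberOf
# Role granted to every user who authenticated through CAS.
casRealm.defaultRoles = ROLE_USER

casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
securityManager.subjectFactory = $casSubjectFactory
securityManager.realms = $casRealm

# Unauthenticated requests are redirected to the CAS login page.
roles.loginUrl = https://cas.example.org/cas/login?service=https://app.example.org/shiro-cas

[urls]
/shiro-cas = casFilter
# Authorization stays in the application: only users whose profile
# carried the ROLE_ADMIN value may reach the admin area.
/admin/** = roles[ROLE_ADMIN]
/** = roles[ROLE_USER]
```

Authorization decisions here rest entirely on the attributes the CAS server releases for this service, so the attribute release policy on the CAS side is part of the application's access control.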
