You would either share an auth database or use CAS, not both. On Friday, March 22, 2019 at 9:25:06 AM UTC-4, zm wrote: > > In a test environment, I've setup the following: > > 1 - Domain Controller Running AD > 2 - Web2Py CAS Provider > 3 - Web2Py CAS Consumer > > - The provider (#2) is able to get groups from #1, and updates them > automatically. > - The consumer (3) is using the provider (2) as a CAS provider. This > works fine. > - The consumer (3) and the provider (2) are sharing an authdb, which I had > hoped would give the consumer access to the groups of the provider. > > The issue is that when a user logs into the consumer, the consumer adds a > new user into auth_user, so every user has two auth_user records. The > first record from the provider is assocaited with groups, while the second > is not, as it is coming from the consumer, and has no idea what groups the > provider knows about. > > With all that said, I'm hoping there is still a solution. At a high > level, I need to support the following: > - Authenticate via AD (already done) > - Get groups from AD (already done) > - Get groups to all consumers (possible if we skip the provider and just > have the consumer connect to AD, but that breaks other functionality) > - Single sign on to web2py apps (works, but breaks groups as web2py cas > doesn't transfer group membership) > > The last two items are really the sticking point, I need single sign on > *and* groups. In reviewing the underlying code for cas_auth.py > <https://github.com/web2py/web2py/blob/master/gluon/contrib/login_methods/cas_auth.py>, > > I see that it doesn't support passing member_of, which cas2.0 appears to > support. Even if it did support group membership, applying those changes > to auth, would be a fairly major change. Any thoughts on ways to get > around these limits? >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
