Without CAS, it doesn't seem to be possible to share a single sign on, unless sharing the session via masterapp, correct?
It looks like when CAS was added there was some talk of transferring group membership. On Friday, March 22, 2019 at 9:37:15 AM UTC-5, Anthony wrote: > > You would either share an auth database or use CAS, not both. > > On Friday, March 22, 2019 at 9:25:06 AM UTC-4, zm wrote: >> >> In a test environment, I've setup the following: >> >> 1 - Domain Controller Running AD >> 2 - Web2Py CAS Provider >> 3 - Web2Py CAS Consumer >> >> - The provider (#2) is able to get groups from #1, and updates them >> automatically. >> - The consumer (3) is using the provider (2) as a CAS provider. This >> works fine. >> - The consumer (3) and the provider (2) are sharing an authdb, which I >> had hoped would give the consumer access to the groups of the provider. >> >> The issue is that when a user logs into the consumer, the consumer adds a >> new user into auth_user, so every user has two auth_user records. The >> first record from the provider is assocaited with groups, while the second >> is not, as it is coming from the consumer, and has no idea what groups the >> provider knows about. >> >> With all that said, I'm hoping there is still a solution. At a high >> level, I need to support the following: >> - Authenticate via AD (already done) >> - Get groups from AD (already done) >> - Get groups to all consumers (possible if we skip the provider and just >> have the consumer connect to AD, but that breaks other functionality) >> - Single sign on to web2py apps (works, but breaks groups as web2py cas >> doesn't transfer group membership) >> >> The last two items are really the sticking point, I need single sign on >> *and* groups. In reviewing the underlying code for cas_auth.py >> <https://github.com/web2py/web2py/blob/master/gluon/contrib/login_methods/cas_auth.py>, >> >> I see that it doesn't support passing member_of, which cas2.0 appears to >> support. Even if it did support group membership, applying those changes >> to auth, would be a fairly major change. Any thoughts on ways to get >> around these limits? >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
