I have been thinking about this but the issue is, how should groups be identified? By their name? The consumer app does not have the same auth_group table. What if it has a group with the same name as a group in the provider app?

Anyway... as it is, CAS (and cas in Auth) has a problem. Any consumer can authenticate with it and therefore it will reveal information about the user (for example the username and email). There are two ways to restrict this: 1) have the provider filter consumers by IP/domain; 2) have the user decide whether to authenticate with the consumer (as in OpenID). I think 1 is more appropriate for CAS and easier to implement.

On May 23, 7:24 am, Ross Peoples <[email protected]> wrote:
> I am not that familiar with CAS, but it might be useful in some cases to
> know what groups the user is a member of in the remote web2py installation.
> For example, if there is an 'Administrators' group that should have access
> to everything, then you wouldn't have to set up groups and permissions for
> every single app that uses the remote Auth service.
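
Option 1 from the message above (the provider filtering consumers by IP/domain), sketched as an added example; it is not part of the original thread and not web2py's own code. The host names, networks, function names and the https requirement are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed policy: these hosts and networks are illustrative only.
ALLOWED_HOSTS = {"app1.example.com", "intranet.example.com"}
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.16/28")]


def service_allowed(service_url, allowed_hosts=ALLOWED_HOSTS):
    """Domain filter: run by the provider before issuing a ticket
    (and releasing username/email) for the consumer at `service_url`."""
    # Browsers treat "\" like "/", so the host parsed here could differ
    # from where the redirect actually lands; refuse such URLs outright.
    if "\\" in service_url:
        return False
    try:
        parts = urlsplit(service_url)
        host = parts.hostname  # lowercased, without userinfo or port
    except ValueError:
        return False
    # Assumption: registered consumers are only served over https.
    if parts.scheme != "https" or not host:
        return False
    # Exact match only. Substring or suffix tests would also accept
    # app1.example.com.evil.test or evilapp1.example.com.
    return host.rstrip(".") in allowed_hosts


def validator_allowed(remote_addr, allowed_nets=ALLOWED_NETS):
    """IP filter: run on the consumer's server-to-server ticket validation."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in allowed_nets)


if __name__ == "__main__":
    for url in ("https://app1.example.com/cas/callback",
                "https://app1.example.com.evil.test/cb",
                "https://app1.example.com@evil.test/"):
        print(url, "->", service_allowed(url))
    for ip in ("10.20.30.40", "192.0.2.32"):
        print(ip, "->", validator_allowed(ip))
```

The domain check decides whether user data may be sent to a consumer at all; the IP check only confirms that the validation request comes from a known consumer host, so a provider would normally apply both.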

