Could the CAS server answer questions such as "is operation bar allowed to user foo"?
The list of operations is CAS server dependent, the consumer can ask only for those...

mic

2011/5/23 Massimo Di Pierro <[email protected]>:
> I have been thinking about this but the issue is, how should groups be
> identified? By their name? The consumer app does not have the same
> auth_group table. What if it has a group with the same name as a group
> in the provider app?
>
> Anyway... as it is, CAS (and cas in Auth) has a problem. Any consumer
> can authenticate with it and therefore it will reveal information
> about the user (for example the username and email). There are two
> ways to restrict this: 1) have the provider filter consumers by
> IP/domain; 2) have the user decide whether to authenticate with the
> consumer (as in OpenID). I think 1 is more appropriate for CAS and
> easier to implement.
>
>
> On May 23, 7:24 am, Ross Peoples <[email protected]> wrote:
>> I am not that familiar with CAS, but it might be useful in some cases to
>> know what groups the user is a member of in the remote web2py installation.
>> For example, if there is an 'Administrators' group that should have access
>> to everything, then you wouldn't have to set up groups and permissions for
>> every single app that uses the remote Auth service.
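
An added example, not part of the thread and not web2py's own code: a sketch of option 1 from the quoted message (the provider filters consumers by domain), checking the CAS `service` URL against an allowlist before the username and email are released. The function names, hosts and allowlist are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of registered consumers: (scheme, host, port).
ALLOWED_CONSUMERS = {
    ("https", "app1.example.com", 443),
    ("https", "intranet.example.com", 8443),
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def consumer_allowed(service_url, allowed=ALLOWED_CONSUMERS):
    """Return True only if the CAS `service` URL names a registered consumer."""
    # Parsers disagree on backslashes and embedded whitespace; refuse them outright.
    if "\\" in service_url or any(c.isspace() for c in service_url):
        return False
    try:
        parts = urlsplit(service_url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        return False
    # "https://app1.example.com@other.example/" really targets other.example,
    # so any userinfo component is rejected.
    if parts.username is not None or parts.password is not None:
        return False
    if port is None:
        port = DEFAULT_PORTS[scheme]
    # Exact match on the full origin: no suffix or substring comparison.
    return (scheme, host, port) in allowed


def attributes_for(service_url, user):
    """Attributes the provider releases: nothing for an unregistered consumer."""
    if not consumer_allowed(service_url):
        return None
    return {"username": user["username"], "email": user["email"]}


if __name__ == "__main__":
    sample_user = {"username": "foo", "email": "foo@example.com"}  # constructed
    for url in ("https://app1.example.com/app/default/user/login",
                "https://app1.example.com.other.example/"):
        print(url, "->", attributes_for(url, sample_user))
```

Matching the whole origin exactly, rather than testing whether the URL starts with or contains an allowed name, is what keeps look-alike hosts from passing the filter.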

