We should make a list of operations we want to support. Anyway, I have one more revision.
Say you has two apps running on domains http://domain1/app1 and http://domain2/app2 (where domain1 and domain2 can be 127.0.0.1:8000) Now you simply do: # In app1/models/db.py auth = Auth(db=db) auth.cas_domains.append('http://domain2') # allow app2 from domain2 auth.define_tables(username=True) # In app2/models/db.py auth = Auth(db=db,cas_provider='http://domain1/app1/default/user') auth.define_tables(username=True) At voila' app2 will use app1 for authentication. username=True is optional. Massimo On May 23, 9:45 am, Michele Comitini <[email protected]> wrote: > Could CAS server answer to questions such as "is operation bar allowed > to user foo"? > > The list of operations is CAS server dependent, the consumer can ask > only for those... > > mic > > 2011/5/23 Massimo Di Pierro <[email protected]>: > > > > > > > > > I have been thinking about this but issue is, how should groups be > > identified? By their name? The consumer app does not have the same > > auth_group table. What if it has a group with the same name as a group > > in the provider app? > > > Anyway... as it ism CAS (and cas in Auth) has a problem. Any consumer > > can authenticate with it and therefore it will reveal information > > about the user (for example the username and email). There are two > > ways to restrict this: 1) have the provider filter consumers by IP/ > > domain; 2) have the user decide whether to authenticate with the > > consumer (as in OpenID). I think 1 is more appropriate for CAS and > > easier to implement. > > > On May 23, 7:24 am, Ross Peoples <[email protected]> wrote: > >> I am not that familiar with CAS, but it might be useful in some cases to > >> know what groups the user is a member of in the remote web2py installation. > >> For example, if there is an 'Administrators' group that should have access > >> to everything, then you wouldn't have to set up groups and permissions for > >> every single app that uses the remote Auth service.
