Is there any role management concern in CAS?
Scott Battaglia
scott_battaglia at rutgers.edu
Tue Aug 1 21:53:24 EDT 2006
Allen,
Its trivial to do the single sign on part with CAS (as CAS is a single
sign on solution ;-)). Generally, however, role management is not done
in CAS, though its not impossible to do.
You would need a custom Principal type with a custom
CredentialsToPrincipal resolver to populate the principal with the
service->role mappings. Then you would need to customize the protocol
JSP page to retrieve the role based on the service. That's the easy part.
On the client side however, you'd have to modify the client libraries to
recognize the extended XML.
-Scott
Scott Battaglia
Application Developer, Architecture & Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu
Allen Young wrote:
> Hi,
>
> My question is as follows:
>
> Say I have two web applications, App1 and App2, each of which has
> different username/password and role management, because they are both
> legacy systems. Now I want to use CAS to implement sso for these two
> applications. For example, one user called "Jack" has a
> username/password "jack1/jack1" with a role "user" in App1 and a
> username/password "jack2/jack2" with a role "admin" in App2. The best
> result is that he needs to visit only one application, this would lead
> him to CAS's login page, after his login, he could get into App1 as a
> "user" and App2 as a "admin".
>
> Can I use CAS to implement this? If so, How? Thanks a lot!
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
More information about the cas
mailing list