CAS functionality

[Richard Gundersen]

Hi 

I'd really appreciate some help with the following:


1) Can CAS be configured to populate this Principal object (using a
UserDetailsService perhaps?) by making changes only to the config in the CAS server
webapp?

2) ...or do I need to add ACEGI to all of my existing apps, and do the authorization within them. 
3) I need to catch specific error messages when logging in e.g. password expired etc etc. Can this be done in CAS? If not, a suggestion as to how this can be achieved would be great.


I would like to avoid 2) if possible because I want to make minimal changes to the existing apps. (aside from adding the filter config)

As some background info, I've got about 10 legacy webapps to protect. They are running in Tomcat, and although some of them use Spring etc, most of them are non-spring, so adding ACEGI/Spring Security to them would be difficult.

I've set up CAS to act as my SSO and it authenticates against our LDAP server, and this works OK. It successfully blocks access to a couple of apps I have configured to use the CAS filter

All of the apps require a Principal object to be stored in the session for a logged in user. This contains the users' roles, which the apps use to make authorization decisions.

Thanks

Richard 


_________________________________________________________________
Search and win with BigSnapSearch.com 
http://www.bigsnapsearch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080428/a3c08647/attachment.html