CAS w/ ACEGI
Larry Symms
lsymms at gmail.com
Sat Mar 8 09:49:31 EST 2008
I'm working on a distributed authentication/authorization environment
that will maintain a list of principals that each user/entity is
currently authenticated with in order to manage principal-based role
management as well as provide a consolidated sign-out system. ACEGI
will populate the distributed list of authenticated principals. We
don't have an existing CAS or ACEGI configuration. My current issue is
determining "the best" way to implement this. Watching the CAS server's
logs roll by, I see it attempting each authenticationHandler until it
succeeds, so clearly it's possible to intercept that process chain and
somehow provide that info for ACEGI. On the other hand, I've been
reading about methods for ACEGI to accomplish this. One method
suggests using the ACEGI CasAuthenticationHandler, another suggests
using the ServiceTicket to access the TicketRegistry to get the
Authentication object.
1. Does anyone have a working sample of this interaction?
2. Do those 3 methods summarize my options? Are any of them outdated?
3. What method makes the most sense? I'm definitely leaning towards an
ACEGI configuration to manage this, since it's foreseeable that this
system would be used with existing CAS servers, so leaving CAS out-of-box
is preferred.
Larry Symms