CAS authorization
Jeremy Wickham
jrw16 at its.msstate.edu
Tue Sep 23 10:51:18 EDT 2008
I was looking through the CAS mailing list and came across your email about CAS authorization. I was curious to know if you have found out a way to implement the authorization piece into CAS. We are actually wanting the server to authorize the user instead of leaving that up to the client, leaving the control of authorization of the applications to us.
Any insight that you have into CAS authorization will be of much help.
Thanks!
Jeremy Wickham
Senior Programmer Analyst
Enterprise Information Systems
jeremy.wickham at msstate.edu
(662) 325-9173
>>> dale77 <Dale.Ogilvie at trimble.co.nz> 8/7/2008 8:38 PM >>>
My understanding is that CAS is an authentication technology, with
authorization being solely the responsibility of the client service.

I believe it makes sense for CAS to provide for authorization where it is a
requirement that a service absolutely not be accessible to a given user. I
came up with the following flow:

1. User hits service protected by SSO
2. Service redirects to CAS
3. User enters creds into CAS
4. CAS authenticates user
5. If authentication FAILS -> "your credentials are not authentic" STOP
6. NEW!! CAS authorizes user for service (CAS level authorization)
7. NEW!! If authorization FAILS -> "sorry you are not authorized to use that service" STOP
8. CAS redirects back to service with service ticket
9. Service validates service ticket
10. Service authorizes User (service level authorization, as it is done today)
11. User accesses service

Has anyone implemented anything like the above in CAS, or do people think
that this sort of functionality would be desirable? The advantage is that
the service never hears from an "authenticated" user, and authorization is
managed by the CAS implementor for that particular service.

Dale
--
View this message in context: http://www.nabble.com/CAS-authorization-tp18883610p18883610.html
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
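
The flow proposed in the quoted message, as an added example that is not part of either message and is not CAS code: a toy Python model in which the server checks a per-service allow list (steps 6-7) before it mints a service ticket, so a denied user never reaches the service. The class names, the ACL layout and the sample users are assumptions made for illustration.

```python
import hmac
import secrets

class AuthenticationFailed(Exception): pass
class NotAuthorizedForService(Exception): pass

class ToyCasServer:
    """Toy model of the proposed flow; names are hypothetical, not the CAS API."""
    def __init__(self, passwords, service_acl):
        self.passwords = passwords      # user -> password (constructed sample data)
        self.service_acl = service_acl  # service URL -> users allowed by the CAS operator
        self.tickets = {}               # outstanding service tickets

    def login(self, user, password, service):
        stored = self.passwords.get(user)
        # Steps 4-5: authenticate; a failure stops the flow.
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise AuthenticationFailed("your credentials are not authentic")
        # Steps 6-7: CAS-level authorization, default deny for unlisted services.
        if user not in self.service_acl.get(service, set()):
            raise NotAuthorizedForService("sorry you are not authorized to use that service")
        # Step 8: only now is a service ticket minted for the redirect.
        ticket = "ST-" + secrets.token_urlsafe(16)
        self.tickets[ticket] = (user, service)
        return ticket

    def validate(self, ticket, service):
        # Step 9: tickets are single use and bound to the service they were issued for.
        user, issued_for = self.tickets.pop(ticket, (None, None))
        return user if issued_for == service else None

class ToyService:
    def __init__(self, url, cas, local_users):
        self.url, self.cas, self.local_users = url, cas, local_users

    def handle(self, ticket):
        user = self.cas.validate(ticket, self.url)
        if user is None:
            return "invalid ticket"
        # Step 10: service-level authorization still applies, as it does today.
        return f"welcome {user}" if user in self.local_users else "forbidden by service"

# Constructed sample data: carol authenticates but is not on the CAS ACL for the app.
APP = "https://app.example.edu/"
cas = ToyCasServer({"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"}, {APP: {"alice", "bob"}})
app = ToyService(APP, cas, local_users={"alice"})
```

In this model bob passes the server-side check and is then refused by the service's own check, while carol is stopped at the server and no ticket is ever created for her.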