Re: How shiro-cas could get the user authorization info

[jleleu <le...@gmail.com>]

Hi,

The idea is to :
- retrieve all necessary and interesting information in the CAS server (for
example, any user attributes or roles)
- create in the protected application the appropriate realm inherited from
CasRealm to process these attributes and compute the suitable Shiro roles
and permissions.

Best regards,
Jérôme




--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-shiro-cas-could-get-the-user-authorization-info-tp7579334p7579335.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How shiro-cas could get the user authorization info

[jleleu <le...@gmail.com>]

Hi,

It's more a CAS question that you should ask on the CAS user mailing list.
The idea is to configure CAS in the deployerConfigContext.xml file to
retrieve user attributes. These ones are good start points :
https://wiki.jasig.org/display/CASUM/Attributes &
http://jasig.github.io/cas/installation/Configuring-Authentication-Components.html.
Best regards,
Jérôme




--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-shiro-cas-could-get-the-user-authorization-info-tp7579334p7579353.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How shiro-cas could get the user authorization info

[jleleu <le...@gmail.com>]

Hi,

You're right : that's an option.

That said, I would prefer the centralized approach (in the CAS server).
Let's say your society merge with another one and that you have now two
LDAPs to query (to get the roles): what would be the best strategy ? Upgrade
all your client applications or just upgrade your CAS server ?

Best,
Jérôme




--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-shiro-cas-could-get-the-user-authorization-info-tp7579334p7579337.html
Sent from the Shiro User mailing list archive at Nabble.com.