I think what I need it's a client-work (maybe modifying CasTag.java) If an user is authenticated in app1 with user/pass, when he tries to access app2 that requires x509, I have to validate the type of authentification that the user has in CAS Server in this moment ( user/pass in this case).
So I have to store in "some place" (CAS Server ? cookie in browser?) the higher type of authentication that the user has used ( certificate > user/pass). Any ideas? Thanks again. Marvin Addison-2 wrote: > > Shi's suggestion is a good one, and boils down to the following: > > This is a per-service authorization need, and it is up to CAS clients > to do authorization. > > Shi pointed out that CAS can help in this regard by providing > arbitrary attributes, which your clients could leverage as needed. We > have implemented this strategy for the very use case you mentioned, > level of identity assurance. You can review our source as a starting > point to see what you'd need to do, > https://projects.iad.vt.edu:8443/svn/middleware/cas/cas-server/trunk/vt-cas-server-ext/src/main/java/edu/vt/middleware/cas/authentication/. > We chose to use the LOA vocabulary from > http://www.oasis-open.org/committees/download.php/28706/sstc-saml-loa-authncontext-profile-draft-01.pdf > since it looks like it could become a SAML standard. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- View this message in context: http://www.nabble.com/CAS-modification-to-achieve-a-requirement-tp22620497p22658931.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
