Hey, Scott and Joachim, thank you so much! You just pointed out something I've never thought through.... In my case, I have about 10 web application, which all have their own authentication function. The authentication procedure are similar: first, check a "User" table in application's database, to verify if the login user existed; if so then using LDAP java client API to contact LDAP server and do LDAP authentication. All app are using same way, and user id are all in same format (which actually are LDAP id). The only difference is that before the LDAP authentication, each app search its own database. This is the reason why I thought I need to identify client application request, so I can let CAS search the right table....
I guess for now maybe I need to think it another way....But I think I still need to do some filter before the LDAP authentication. For example, I create a "customized" authentication function, and search one "pre-screen" user table, and then do LDAP authentication, and then just pass this single unique global id to all client? Does CAS support this kind of customize? Any suggestion are highly appreciated. Thanks you very much for the help. --Jerry >>> Scott Battaglia <[email protected]> 7/26/2010 9:01 PM >>> Jerry, Applying different logic for authentication per application defeats the purpose of using CAS. CAS provides single sign on to applications using a single unique global id for a person. If the authentication is per application, then a single sign on server is relatively useless. I would first take a look at why all of these applications have different authentication requirements. Its possible that they're not properly separating authentication from authorization. Cheers, Scott On Mon, Jul 26, 2010 at 11:34 AM, Jerry Shi < [email protected]> wrote: > I am trying to deploy a CAS server for testing. I have a question about > client application. In my plan, I will use CAS to authenticate about 10 > different client application. But some application has it own authentication > logic, so I need CAS identify which application requested the > authentication. Are there any way to do this? For example, when user type in > Client App1's url to browser, the CAS can tell the authentication request is > from "App1", then it will do App1's authentication procedure; same as > "Client App2, 3, etc.." > Thank you very much > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
