Le 08/06/2011 17:55, David Hawes a écrit :
On 06/08/2011 10:00 AM, Philippe MARASSE wrote:Hello,In our organization, we use CAS with AD (smartcard and login/password login, but not SPNEGO), and 2 different techniques to manage authorization through group membership : - client application is CAS aware => SAML ticket validation can provide attributes : groups, given name, display name, which can be used to achieve authorization. - client application is not CAS aware => mod_auth_cas is used for authentication, and mod_authnz_ldap is used for authorization based on group membership.You can also use this patch to authorize based on the released SAML attributes: https://issues.jasig.org/browse/MAS-37
Interesting indeed, I’ll test it soon :-). Thanks. -- Philippe MARASSE Service Informatique - Centre Hospitalier Henri Laborit BP 587 - 370 avenue Jacques Coeur 86021 Poitiers Cedex Tel : 05.49.44.57.19
smime.p7s
Description: S/MIME Cryptographic Signature
