> is it possble to be > authenticated by SPNEGO but > authorized by LDAP?
In a word, you can absolutely mix sources of authentication and attribute release, which is not the same as authorization. It's important to clarify that CAS has absolutely no support for authorization. It can _facilitate_ authorization via attribute release using the SAML 1.1. protocol, but it does not perform any user authorization functions in itself. > Is SAML useable in this kind of scenarios? How and what your I take special > care. Every CAS-enabled application will need to perform its own authorization, but the SAML-driven attribute release capability of CAS can provide data from a centralized repository like LDAP to assist the process. Some helpful links to get you started: - https://wiki.jasig.org/display/CASUM/SAML+1.1 - https://wiki.jasig.org/display/CASUM/Attributes M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
