I'll be using the Apache Shiro product for this I've not yet figured out how to connect Shiro & CAS
Allen Joslin ePath Learning, Inc. 300 State Street, Suite 400 New London, CT 06320 (860) 444-7900 x-43 [email protected]<mailto:[email protected]> * ePath Learning has been recognized on the Inc. 500/5000 list of the fastest-growing private companies in America for the past five years, and is a recipient of the 2013 Marcum Tech Top 40 award, in addition to receiving multiple product of the year and technology excellence awards. This message contains information which may be confidential and/or privileged. Unless you are the intended recipient (or authorized to receive for the intended recipient), you may not read, use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail and delete the message and any attachment(s) thereto without retaining any copies. From: Idan Fridman [mailto:[email protected]] Sent: Tuesday, December 17, 2013 3:02 AM To: [email protected] Subject: RE: [cas-user] Impersonation support Hi, " Though, I think you could achieve that by creating the appropriate handler" Could you abit elaborate on that one? Some leads how to implement this. Thanks From: Jérôme LELEU [mailto:[email protected]] Sent: Tuesday, December 17, 2013 9:15 AM To: [email protected]<mailto:[email protected]> Subject: Re: [cas-user] Impersonation support Hi, CAS doesn't have that feature out of the box. Though, I think you could achieve that by creating the appropriate handler : it would take the Admin credentials as well as the username to impersonate. The main challenge and concern here is security, as this mecanism is extremely powerful. If I can trick it, I could be anyone. The level of security requested for the Admin user should be higher than for a regular user : IP filtering or one-time password code could be extra checks (in addition to login/pwd) to mitigate risks. Best regards, Jérôme 2013/12/16 ray <[email protected]<mailto:[email protected]>> I would like to know if cas support impersonation? For example an Admin user can have the ability to "pretend" to be some regular user and have his roles, permissions, etc.. Something like Facebook feature: ".. View as Specific Person" If CAS doesn't support that out of the box any suggestions how to work around for doing that? Thanks, ray. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user This e-mail and the information it contains may be privileged and/or confidential. It is intended solely for the use of the named recipient(s). If you are not the intended recipient you may not disclose, copy, distribute or retain any part of this message or attachments. If you have received this e-mail in error please notify the sender immediately [by clicking 'Reply'] and delete this e-mail. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
