Jérôme wrote:
> In fact, the implementation will strongly depend on the version of the CAS > server and the way you authenticate your Admin user. It's probably easier > with the new CAS server 4.0 as everything can be done in an authentication > handler [1] without using a principal resolver. > > Let's say that your Admin user is authenticated by a login and a password > and has an IP in a specific range. > > I would change the login page to post a new field : impersonatedUsername. I am also interested in the impersonation. We have CAS 3.5.2 and happy with it, so I am reluctant to move to 4.0. What we do is the authentication mechanism taking place in a custom java class. It would be sufficient for us to retrieve the username of the user to impersonate from the URL: i don't feel comfortable to add a new field "Impersonate user" to the login page. Checking the IP address is a good idea. Any further suggestion (or link) is welcome! Ciao, --------------------------------------------------------------------- Fabio Sogni | E-Mail: [email protected] | ESO - EUROPEAN SOUTHERN OBSERVATORY | Phone : +49 89 320 06 566 | Karl Schwarzschild Strasse, 2 | Fax : +49 89 320 06 677 | Garching bei Muenchen - Germany | | --------------------------------------------------------------------- Visita Interiora Terrae, Rectificando Invenies Occultum Lapidem. --------------------------------------------------------------------- -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
