Federico, When a user authenticates to "C", can C transparently get the data it needs from "A" or "B" if it can authenticate to those service on behalf of the user? If so, then you could have CAS proxy authentication work that way, too.
If the user needs to interact directly with both "C" and "A" (for example), then you don't want to use proxy authentication. Thanks, Carl ----- Original Message ----- From: "Federico Paparoni" <federico.papar...@gmail.com> To: cas-user@lists.jasig.org Sent: Monday, November 3, 2014 12:03:59 PM Subject: Re: [cas-user] CAS with User/Role webapp manager Hi Carl, the user must pass through webapp C, because only there is the list of available apps for a user. An admin on webapp C will select which applications a user can access. In this way users don't bookmark webapp A/B or even if they bookmark it the main entry point is webapp C. 2014-11-03 17:26 GMT+01:00 Waldbieser, Carl <waldb...@lafayette.edu>: > > Federico, > > It sounds like your users should authenticate with CAS to webapp A or B. > Those services should request proxy granting tickets for webapp C. They > should then request proxy tickets for webapp C and attempt get the user's > roles on a back channel. > > Your users would never browse to or see webapp C in the scenario I > described. Your other webapps would leverage webapp C to get the user role > information. > > Thanks, > Carl Waldbieser > ITS System Programmer > Lafayette College > > ----- Original Message ----- > From: "Federico Paparoni" <federico.papar...@gmail.com> > To: cas-user@lists.jasig.org > Sent: Monday, November 3, 2014 11:12:56 AM > Subject: [cas-user] CAS with User/Role webapp manager > > Hi all, > > I have the following scenario: > > - CAS server > - webapp A > - webapp B > - webapp C : user/app/roles manager, an application that map roles to > user/app. > Using it i can enable user to enter in a specific application with a list > of roles > > When a user tries to access to webapp A, if not authenticated, the > browser redirects > to CAS login page. The custom authentication should also retrieve the roles > associated with the user. Then the browser is redirected to webapp C, where > the user can see a list of link with enabled applications. > > I read the Proxy CAS Walkthrough ( > https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough) and some > other documentations > on possible architectures but I don't understand if myscenario is suitable > with a customization of CAS server. Ideas? > > Cheers, > > Federico > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > waldb...@lafayette.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > federico.papar...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Federico Paparoni Blog -- http://fpaparoni.wordpress.com/ Twitter -- http://twitter.com/fpaparoni -- You are currently subscribed to cas-user@lists.jasig.org as: waldb...@lafayette.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
