3

I have several applications, all of them web2py-based, and I want all of them to use a central authentication service. CAS in web2py is working properly for authentication, but when it comes to authorization, it is not working!

Let's say we have an app "provider" and apps "A" and "B". "A" and "B" use "provider" for authentication, then they want to use the groups/memberships/permissions that are defined in "provider" to define access rights in their applications. It is not working. Is it not supported, or am I missing something? What is the best way to do that?

Is it possible to have authentication be central and then do the authorization locally? For example, I want to have central authentication (using CAS), then when it comes to defining what records the user can access (the authorization), it is local. Is that supported? I don't get what the point of CAS is if authorization does not work from the central app.

j0k

1 Answer

1

CAS itself only handles authentication, not user authorization. The point of CAS is that each application doesn't have to be individually and explicitly signed into.

Out of the box, application authorization is up to the client application. Unicon has developed an add-on to CAS that provides Role Based Authorization.

John Gasper
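The split described in the answer, as an added example that is not part of the original answer and is not web2py code: the consumer app trusts only the username that CAS validated and resolves groups, memberships and record-level permissions from its own local tables. The table names are modelled on web2py's `auth_*` tables; the helper functions, the sample users and the rule that a grant with `record_id` 0 covers every record are assumptions of this sketch.

```python
import sqlite3

# Local authorization store of consumer app "A" (stand-alone sketch).
SCHEMA = """
CREATE TABLE auth_group (id INTEGER PRIMARY KEY, role TEXT UNIQUE NOT NULL);
CREATE TABLE auth_membership (
    username TEXT NOT NULL,              -- identity asserted by the CAS provider
    group_id INTEGER NOT NULL REFERENCES auth_group(id),
    UNIQUE (username, group_id));
CREATE TABLE auth_permission (
    group_id INTEGER NOT NULL REFERENCES auth_group(id),
    name TEXT NOT NULL, table_name TEXT NOT NULL,
    record_id INTEGER NOT NULL DEFAULT 0);  -- 0 = every record (assumption)
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_group(db, role):
    return db.execute("INSERT INTO auth_group (role) VALUES (?)", (role,)).lastrowid

def add_membership(db, username, group_id):
    db.execute("INSERT INTO auth_membership VALUES (?, ?)", (username, group_id))

def add_permission(db, group_id, name, table_name, record_id=0):
    db.execute("INSERT INTO auth_permission VALUES (?, ?, ?, ?)",
               (group_id, name, table_name, record_id))

def has_permission(db, cas_username, name, table_name, record_id):
    """Deny by default: allow only if a local group of this user holds the grant."""
    if not cas_username:  # no validated CAS identity, so no access
        return False
    row = db.execute(
        """SELECT 1 FROM auth_membership m
           JOIN auth_permission p ON p.group_id = m.group_id
           WHERE m.username = ? AND p.name = ? AND p.table_name = ?
             AND p.record_id IN (0, ?) LIMIT 1""",
        (cas_username, name, table_name, record_id)).fetchone()
    return row is not None

def build_demo():
    """Constructed sample data: two local groups with different scopes."""
    db = open_store()
    editors, readers = add_group(db, "editors"), add_group(db, "readers")
    add_membership(db, "alice", editors)
    add_membership(db, "bob", readers)
    add_permission(db, editors, "update", "invoice")   # all invoices
    add_permission(db, readers, "read", "invoice", 7)  # invoice 7 only
    return db
```

A user who authenticates through CAS but has no local membership gets no access, which is the behaviour to verify when a new consumer app is attached to the provider.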