0

Whenever I change applications, I need CAS to fetch a new set of roles from the server (the set of roles for that specific application). Is there a way to do so?

As it is today, it gets the roles for the first application (let's name it A), and when I access application B I can only see the roles for application A, which gives me a 403 (access denied) error code.

Ex:

Product A has the roles: ADMIN, MANAGER and STAFF.

Product B has the roles: ADMIN, BACKOFFICE, FRONTOFFICE.

When I access Product A first, CAS detects that the user is accessing it through Product A and puts its three roles in session, and everything goes fine for Product A.

After that I access Product B and CAS sees that I have a valid ticket and grants me access to Product B, but instead of fetching roles again for Product B (ADMIN, BACKOFFICE and FRONTOFFICE), it keeps the roles from Product A (ADMIN, MANAGER, STAFF).

Cœur
user793953

1 Answer

0

I'm not sure I clearly understand your need. However, you can manage the attributes returned by the CAS server to the different applications, and therefore compute appropriate roles, by following this documentation: https://wiki.jasig.org/display/CASUM/Attributes.

jleleu
  • I edited the question adding more details. It would be possible to get every role for every application when we first sign in but that's not what we want. – user793953 Mar 25 '13 at 18:08
  • User attributes are retrieved once, at CAS login. If you want to get additional roles in your web application, I recommend you get them from your web application (this way, CAS = authentication, webapp = authorization). – jleleu Mar 26 '13 at 08:17
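
One way to apply the split suggested in the comments above (CAS authenticates, each web application authorizes), as an added example that is not part of the original thread. It assumes the applications use Spring Security's CAS module with the Jasig CAS client; `PerApplicationRoleService`, `RoleStore` and `applicationId` are hypothetical names.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import org.jasig.cas.client.validation.Assertion;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * Added example, deployed once per application. CAS only proves who the user is;
 * the roles come from this application's own store, so Product B never sees
 * roles that were resolved for Product A.
 */
public class PerApplicationRoleService extends AbstractCasAssertionUserDetailsService {

    /** Hypothetical lookup into the application's own role store (database, LDAP, ...). */
    public interface RoleStore {
        Set<String> rolesFor(String applicationId, String username);
    }

    private final String applicationId; // assumed to come from this app's config, e.g. "product-b"
    private final RoleStore roleStore;

    public PerApplicationRoleService(String applicationId, RoleStore roleStore) {
        this.applicationId = applicationId;
        this.roleStore = roleStore;
    }

    @Override
    protected UserDetails loadUserDetails(Assertion assertion) {
        // The principal name is the only value taken from the CAS assertion.
        String username = assertion.getPrincipal().getName();

        // An empty set is valid: the user is authenticated but holds no role in
        // this application, so its access rules answer 403.
        List<SimpleGrantedAuthority> authorities = roleStore.rolesFor(applicationId, username)
                .stream()
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toList());

        // CAS never hands the password to the application, so a placeholder is stored.
        return new User(username, "NO_PASSWORD", authorities);
    }
}
```

Each application registers its own instance on its `CasAuthenticationProvider`, so the role lookup runs when that application validates its service ticket rather than once at CAS login.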