I am working on some project involving Liferay Portal, CAS and Apache Directory Server. I am supposed to prepare proof of concept (or disproof) for the following model.
1. Liferay is integrated with CAS and supports SSL (needed for further usage of SSO). I have already done it and it works.
2. CAS communicates with LDAP server (Apache Directory Server) in order to perform not only authentication, but also authorization. I would like to achieve situation, when Liferay stores its dynamic privileges (to various Liferay objects) in his own database and static privileges (like user roles for instance) gets from CAS, which in fact gets it from LDAP. I want it transparent, namely that Liferay is not aware of LDAP existence.
As far as I know CAS out-of-the-box does only support authentication.
Is this possible? Anny ideas? Hints?
0
votes
2 Answers
1
votes
CAS as in Central Authentication Service? It's designed for authentication, as the name implies.
Authorization is something quite different, as you clearly know already. You'll need a framework designed for authorization - try Spring Security.
0
votes
I agree with David M.: CAS handles only authentication.
But you could load all the roles of a user during the authentication-process (e.g. by implementing your own AuthenticationMetaPopulator) and provide these to a service using the later response of the serviceticket-validate call.
