Our corporate identity service is Microsoft Active Directory. I've set up various things in HTTPD to authenticate/authorize against it via LDAP, but users who are used to SSO run into that AuthBasic credentials prompt and assume that they don't have access to the resource. What they are used to is CAS, which is plumbed into ADS behind the scenes.

Now I have a resource that I want to make available only to members of an ADS group. This works fine using LDAP alone, but it throws up that prompt that people don't understand. I've verified that I can authenticate via CAS and authorize with 'Require valid-user', but CAS doesn't return any group membership info (either because it just doesn't, or because our identity management people don't want to do it).

So what I think I want to do is to use Apereo mod_auth_cas for authentication and Apache mod_authnz_ldap for authorization. These are two different 'Authtype's. Am I out of luck?

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu