Is it possible to use different delegated authentication for different services?

Mark Klinchin

unread,

Jul 7, 2020, 3:30:19 PM7/7/20

to CAS Community

Hi there,

Does anyone knows whether it is possible to use different delegated authentication for different services? For example, when accessing CAS as https://cas.company.com/cas/login?service=https://app-abc.company.com CAS login page will display Office 365 and Twitter buttons but when accessing CAS as https://cas.company.com/cas/login?service=https://app-dfe.company.com CAS login page will display Okta and Facebook buttons?

It sort of works for LDAP authentication when it is possible to limit LDAP connect to pattern entered to the user field such as one LDAP will check checked for us...@company-abc.com and another one for us...@company-cde.com . It is not exactly the same but service-based filtering of delegated auth buttons looks like a good option when there are different authentication realms for different apps or companies.

Thank you,

Mark

Molly Kewl

unread,

Jul 8, 2020, 5:03:48 PM7/8/20

to cas-...@apereo.org

https://apereo.github.io/2019/02/25/cas61-delegate-authn-saml2-idp/#identity-provider-authorization

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/65f94e2c-a075-4e3c-b84f-f89f11422e90o%40apereo.org.

Mark Klinchin

unread,

Jul 14, 2020, 10:35:23 AM7/14/20

to CAS Community, meedel...@protonmail.com

Thank you very much. This is exactly what I was looking for. I wish it would be in a bit more earlier versions but this is great information!

Mark

On Wednesday, July 8, 2020 at 5:03:48 PM UTC-4, Molly Kewl wrote:

https://apereo.github.io/2019/02/25/cas61-delegate-authn-saml2-idp/#identity-provider-authorization

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, July 8, 2020 12:00 AM, Mark Klinchin <mkli...@gmail.com> wrote:

Hi there,

Does anyone knows whether it is possible to use different delegated authentication for different services? For example, when accessing CAS as https://cas.company.com/cas/login?service=https://app-abc.company.com CAS login page will display Office 365 and Twitter buttons but when accessing CAS as https://cas.company.com/cas/login?service=https://app-dfe.company.com CAS login page will display Okta and Facebook buttons?

It sort of works for LDAP authentication when it is possible to limit LDAP connect to pattern entered to the user field such as one LDAP will check checked for us...@company-abc.com and another one for us...@company-cde.com . It is not exactly the same but service-based filtering of delegated auth buttons looks like a good option when there are different authentication realms for different apps or companies.

Thank you,
Mark

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

Reply all

Reply to author

Forward