Hello,
We are using the CAS 4.1.9 overlay for AuthN in our enterprise. Two apps have the same user ID, such as XYZ, but they may be two different persons.
We want to achieve a partial SSO; in other words, a user logged in to app A may be able to SSO to app B, but not to app C (because app C and app A have a user ID collision).
We want CAS to be able to detect that, i.e., authenticated users from one theme cannot SSO to apps on another theme. It seems that I would override CentralAuthenticationServiceImpl's validateServiceTicket() to do that. Not sure that is best, since that is at the heart of CAS logic.
Ideas?
Thx!
Yan