you could certainly write such a Security Realm implementation... but be warned that Security Realm implementations are probably among the more complex to write (i.e. it can be easy to fuck them up)
The user and group information is all provided by the single Security Ream component, so they both have to come from a single plugin. An alternative is the commercial CloudBees Enterprise RBAC plugin which lets you define and manage groups *within* jenkins... that gives you an additional layer for group information (i.e. your CAS Security realm would not be providing RBAC with "external" group information and it will not - in and of itself - go and ask your LDAP server about groups... if you configured the LDAP security realm, however, then the RBAC plugin would get the LDAP group info... but you wouldn't have the CAS authentication then ;-) ) On 21 November 2013 10:18, Steffen Breitbach <steffen.breitb...@1und1.de>wrote: > Hi everyone! > > In our company one can use CAS as an authentication service for single > sign on purposes. Unfortunately, however, that is all it does. The response > contains information about the user (like email address) but not about the > roles he is in. This has to be done e.g. trough LDAP. > > Is there a way to use two different plug ins for authentication and > authorization in Jenkins? > > Regards > Steffen > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
