As we have seen, the interceptor may also use the user identity and other
attributes to perform an authorisation check before allowing the user in [16].
As we will see in our discussion of CAS, a common optimisation is for user
attributes retrieved when authenticating access to the first application to be
stored with the Authentication Token in the token database. This allows the
SSO server to send user attributes to each application's interceptor without
having to retrieve them repeatedly from the user repository.
[16] It is also possible to ensure that the application access token is only generated by
the SSO server after it performs this authorisation itself. So verifying and enforcing
authorisation rules may be done either by the SSO server or by the interceptor, and
both are optional in any case, which is why we said this token is only loosely related
to authorisation.
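
A minimal sketch of the attribute-caching optimisation and the optional interceptor-side authorisation check described above, added here as an illustration and not taken from the book or from CAS. The class, method and application names and the sample repository are assumptions made for the example.

```python
import secrets
import time

# Constructed sample repository; a real one would be LDAP or a database
# holding password hashes, not plaintext.
USER_REPOSITORY = {"alice": {"password": "correct horse", "roles": ["finance"]}}

class SSOServer:
    def __init__(self, ttl=8 * 3600):
        self.ttl = ttl
        self.token_db = {}         # authentication token -> user, attributes, expiry
        self.app_tokens = {}       # one-time application access token -> (auth token, app)
        self.repository_reads = 0  # trips made to the user repository

    def login(self, username, password, now=None):
        """First access: authenticate, then cache attributes beside the token."""
        now = time.time() if now is None else now
        self.repository_reads += 1
        user = USER_REPOSITORY.get(username)
        if user is None or not secrets.compare_digest(user["password"].encode(), password.encode()):
            return None
        auth_token = secrets.token_urlsafe(32)
        self.token_db[auth_token] = {"user": username, "expires": now + self.ttl,
                                     "attributes": {"roles": list(user["roles"])}}
        return auth_token

    def issue_app_token(self, auth_token, app, now=None):
        """Later accesses: no login and no repository read, only a token lookup."""
        now = time.time() if now is None else now
        record = self.token_db.get(auth_token)
        if record is None or record["expires"] <= now:
            self.token_db.pop(auth_token, None)
            return None
        app_token = secrets.token_urlsafe(32)
        self.app_tokens[app_token] = (auth_token, app)
        return app_token

    def validate(self, app_token, app):
        """Interceptor call: single-use token, answered with the cached attributes."""
        auth_token, issued_for = self.app_tokens.pop(app_token, (None, None))
        record = self.token_db.get(auth_token)
        if record is None or issued_for != app:
            return None
        return record["user"], record["attributes"]

def interceptor_allows(sso, app_token, app, required_role):
    """Optional interceptor-side authorisation check on the attributes received."""
    result = sso.validate(app_token, app)
    return result is not None and required_role in result[1]["roles"]
```

Attributes cached this way are as old as the login: a role removed in the user repository stays visible to interceptors until the authentication token expires or is deleted from the token database.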