Https for validation again
Scott Battaglia
scott.battaglia at gmail.com
Tue Jan 9 08:40:28 EST 2007
The CAS Server has no SSL requirements (except that by default if you use
proxying it requires the callback url to be SSL). The CAS client,
depending on which version you use may have a hard-coded https requirement
which would need to be removed.
The HttpClient has no SSL requirements and should be able to work with http
and https urls.
You are not required to use the approved_services.xml. Its completely
optional (and for the most part we don't recommend you enable the
restrictions unless necessary). It essentially requires you to explicitly
state which services can use CAS.
-Scott
On 1/9/07, Obel.Volker.ext at deutsche-boerse.com <
Obel.Volker.ext at deutsche-boerse.com> wrote:
>
>
> Hi all,
>
> last friday I asked for some hints and / or code dealing with non SSL
> communication between Web Apps and CAS. I understand all the hints, why one
> should use SSL. But in fact, customer will NOT agree to this. With SSL,
> everything works fine and was easy to set up. But I still need a quick
> solution for not using SSL.
>
> So, again my questions...
>
> Has anybody some code for non SSL HttpClient on client and CAS Server
> side?
> Is it enough, to change the HttpClientFactory classes on both sides?
>
>
> Another question: Do I need an entry for each Web app to be secured in the
> services.xml (expecially approved_services.xml)?
> For what is this file used?
>
> would be glad to get some help
>
> many thanks
>
> Volker
>
> ------------------------------
>
>
> *
> Diese E-Mail enthaelt vertrauliche oder rechtlich geschuetzte
> Informationen.
> Wenn Sie nicht der beabsichtigte Empfaenger sind, informieren Sie
> bitte
> sofort den Absender und loeschen Sie diese E-Mail. Das unbefugte
> Kopieren
> dieser E-Mail oder die unbefugte Weitergabe der enthaltenen
> Informationen
> ist nicht gestattet.
>
> The information contained in this message is confidential or
> protected by
> law. If you are not the intended recipient, please contact the
> sender and
> delete this message. Any unauthorised copying of this message or
> unauthorised distribution of the information contained herein is
> prohibited.
> *
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070109/2003ef9d/attachment.html
More information about the cas
mailing list