Restrict Validate Services

[Scott Battaglia]

At Rutgers we have a custom solution also, because it was ported over from
our CAS 2 instance.  Its essentialy an "approved" list (based on regular
expressions) and a CAS filter.

CAS itself ships with an "example" way of doing Restricted Services (check
the org.jasig.cas.services package).  To enable it, you need to uncomment
the approvedServices.xml entry in the web.xml and create a
services.xmlbased on the example included.  We're working on more
robust support in CAS
3.1

-Scott

On 1/16/07, Stephen Hock <shock at ucr.edu> wrote:
>
> At UCR we have implemented a solution external to CAS as a Tomcat filter
> which checks the service against a list of approved services. If the
> service
> is not in the list, the filter takes over the connection and causes the
> validation to fail. When implementing this, we were trying to avoid
> modifying
> CAS directly.
>
> -Stephen
>
>
> On Tue, Jan 16, 2007 at 08:02:49PM +0000, dfarr wrote:
> > How can I restrict which services (i.e, which web applications) my CAS
> > implementation is allowed to validate.
> >
> > e.g.
> >
> https://my.cas.implementation:8443/cas/login?service=http://web.app.com/securePage.jsp
> > where http://web.app.com/ is my service and is allowed to be validated.
> >
> >
> https://my.cas.implementation:8443/cas/login?service=http://someone.elses.web.app.com/securePage.jsp
> > where http://someone.elses.web.app.com/ is a service I can't know or
> want to
> > validate.
> >
> > Thanks
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070116/e8e14f4a/attachment.html