CAS restful API
Julien Marchal
Julien.Marchal at univ-nancy2.fr
Tue Dec 2 03:48:06 EST 2008
Scott,
Thank you for everything.
We develop a temporary blockage of authentication. If a user
attempts a bad authentication, they cannot authenticate again before X s,
even with a correct password.
We use an aop:aspectj (pointcut
org.jasig.cas.authentication.AuthenticationManager.authenticate)
Thanks,
Scott Battaglia wrote:
> Julien,
>
> Obtaining an LT is only one additional step and not especially hard to
> retrieve. People concerned about brute-force should either use
> something in CAS to throttle IP requests (i.e. the sample code we
> have) or something at their authentication source level (i.e. password
> locking after too many failed attempts).
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Nov 28, 2008 at 3:28 AM, Julien Marchal
> <Julien.Marchal at univ-nancy2.fr> wrote:
>
> Scott,
> But in the web interface you have the ticket 'LT', which
> complicates things for an attack; in the REST interface we can make
> a brute force attack more simply.
>
> Thanks,
>
> Scott Battaglia wrote:
>> Pascal,
>>
>> You should take the same concern with the RESTful API that you
>> would with the web UI as they can both be used to attempt to
>> determine passwords.
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>>
>> On Thu, Nov 27, 2008 at 1:01 PM, Pascal Aubry
>> <pascal.aubry at univ-rennes1.fr> wrote:
>>
>> Hi folks,
>> Seeing the RESTful API
>> (http://www.ja-sig.org/wiki/display/CASUM/RESTful+API), I wonder if
>> something is done to prevent password cracking. Is anything to be done,
>> or does the CAS server already take care of such attacks?
>> Thanks,
>> PA
>>
>> --
>> http://perso.univ-rennes1.fr/pascal.aubry
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
--
Université Nancy 2 <http://www.univ-nancy2.fr/>
Pôle Lorrain de Gestion
13 rue du Maréchal Ney
CO 30075
54036 NANCY Cedex
Telephone 03.54.50.36.54
Fax 03.54.50.36.51
Julien Marchal
Equipe réseau - CRI
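
Added example, not part of the original message and not CAS code: a sketch of the temporary block described above, where one failed attempt makes every further attempt for that user fail for X seconds, even with the correct password. The class name `FailedLoginThrottle`, the `BiPredicate` delegate standing in for the intercepted `authenticate` call, and the choice not to extend the block on attempts made while blocked are all assumptions.

```java
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;
import java.util.function.LongSupplier;

/** Hypothetical wrapper playing the role of an around-advice on authenticate(). */
public class FailedLoginThrottle {
    // username -> time (ms) until which every attempt is refused
    private final Map<String, Long> blockedUntil = new ConcurrentHashMap<>();
    private final BiPredicate<String, String> delegate; // the real credential check
    private final long blockMillis;                      // the "X s" window
    private final LongSupplier clock;                    // injectable so the logic is testable

    public FailedLoginThrottle(BiPredicate<String, String> delegate,
                               long blockMillis, LongSupplier clock) {
        this.delegate = delegate;
        this.blockMillis = blockMillis;
        this.clock = clock;
    }

    public boolean authenticate(String user, String password) {
        // Assumption: usernames are case-insensitive, so normalise the key.
        String key = user.toLowerCase(Locale.ROOT);
        long now = clock.getAsLong();
        Long until = blockedUntil.get(key);
        if (until != null) {
            if (now < until) {
                return false; // still blocked: the password is never checked
            }
            blockedUntil.remove(key, until); // block expired, forget it
        }
        boolean ok = delegate.test(user, password);
        if (!ok) {
            // Entries are only dropped when the user returns after expiry;
            // a production version needs periodic eviction to bound memory.
            blockedUntil.put(key, now + blockMillis);
        }
        return ok;
    }

    public static void main(String[] args) {
        long[] t = {0}; // constructed fake clock, in milliseconds
        FailedLoginThrottle th = new FailedLoginThrottle(
                (u, p) -> u.equals("alice") && p.equals("s3cret"), 5000, () -> t[0]);
        System.out.println(th.authenticate("alice", "guess"));  // bad attempt starts the block
        t[0] = 1000;
        System.out.println(th.authenticate("alice", "s3cret")); // correct password inside the window
        t[0] = 6000;
        System.out.println(th.authenticate("alice", "s3cret")); // correct password after the window
    }
}
```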