Hi Marvin,

You are absolutely right. Maybe another custom filter that checks some kind of shared token between cas-server and the client can be developed for that.

Pamir

On Thu, Apr 12, 2012 at 12:09 AM, Marvin Addison <marvin.addi...@gmail.com> wrote:

> > In my opinion you have to change cas-client validation source code. By
> > this way it will use query strings service name instead of web.xml to
> > redirect to domain which you want.
>
> This strategy is fine as long as your reverse proxy is the one setting the
> parameter indicating the public domain. That's an important consideration
> since it's a trusted source of information about domain mappings. Contrast
> that with allowing the client to control the parameter, which carries
> security liabilities. Generally any information supplied by the client
> should be considered untrusted unless it can be verified (e.g. comparison
> with known value, digital signatures, encryption).
>
> M

--
Pamir Erdem

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
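The verification discussed in this thread (comparison with a known value plus a token shared between proxy and client), sketched as an added example that is not part of the original messages or of the CAS client code. The class name `ServiceDomainResolver`, the domains and the key are hypothetical, and the sketch assumes the reverse proxy computes the same HMAC-SHA256 tag over the domain it sets.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Set;

// Hypothetical helper, not CAS client code: picks the public domain for the service URL.
public class ServiceDomainResolver {
    private final Set<String> allowedDomains; // known values to compare against
    private final byte[] sharedKey;           // secret shared by the reverse proxy and this client
    private final String defaultDomain;       // static value that web.xml would otherwise supply

    public ServiceDomainResolver(Set<String> allowedDomains, byte[] sharedKey, String defaultDomain) {
        this.allowedDomains = allowedDomains;
        this.sharedKey = sharedKey.clone();
        this.defaultDomain = defaultDomain;
    }

    // HMAC-SHA256 tag over the domain; the reverse proxy is assumed to compute the same value.
    static String sign(byte[] key, String domain) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(domain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(tag);
    }

    // Accept the supplied domain only if it is a known value AND carries a valid tag.
    public String resolve(String domain, String tag) throws GeneralSecurityException {
        if (domain == null || tag == null || !allowedDomains.contains(domain)) {
            return defaultDomain;
        }
        byte[] expected = sign(sharedKey, domain).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = tag.getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison so the check does not leak how many bytes matched.
        return MessageDigest.isEqual(expected, supplied) ? domain : defaultDomain;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample
        ServiceDomainResolver r = new ServiceDomainResolver(
                Set.of("app.example.org", "portal.example.org"), key, "app.example.org");
        String good = sign(key, "portal.example.org");
        System.out.println(r.resolve("portal.example.org", good));     // tag from the proxy
        System.out.println(r.resolve("portal.example.org", "forged")); // forged tag
        System.out.println(r.resolve("evil.example.net", sign(key, "evil.example.net"))); // unknown domain
    }
}
```

Because the tag covers only the domain, it stays valid once observed, so the reverse proxy has to strip any client-sent copy of the domain and tag parameters before adding its own.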