Hi, When I debug PolicyBasedAuthenticationManager.authenticateInternal I did noticed three authentication handlers. 1) My Custom AuthenticationHandler 2 ) ClientAuthenticationHandler 3 ) HttpBasedServiceCredentialsAuthenticationHandler
I'm only using my customer handler and ClientAuthenticationHandler. I do not see #3. How do I turn off HttpBasedServiceCredentialsAuthenticationHandler completely? I'm worried that hackers can send HttpClientCredential to get access to the system. Also I did notice that PolicyBasedAuthenticationManager has log.error when we enter bad password which I also want suppress this logging. Thanks Rao -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb82166f-7705-43a5-91d1-f6621727230b%40apereo.org.
