I tried hitting the /services/ page from Apache (I use modjk to get to Tomcat via AJP) and it redirected to localhost:8080/

I then tried with domain:8080 and yet it redirected to localhost:8080/

That URL fails BTW because localhost (127.0.0.1) is not where CAS is listening in my case but in a different IP. This is an example of the URL I get redirected to:

http://localhost:8080/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fcas%2Fservices%2Fj_acegi_cas_security_check

In reality I am OK with actually not having any configuration URL that could potentially be hacked somehow so I would prefer to configure the service URLs that I authorize directly from configuration.

I found from the links you guys provided some information to disable for example the /proxy endpoint. I am wondering if there are simple steps to just allow certain service URLs via configuration?

If that is not possible I would like then to understand why I am redirected to localhost:8080 and correct that issue.

Thanks for your help!
-Nestor

On Tue, Jan 10, 2012 at 12:04 AM, Misagh Moayyed <[email protected]> wrote:
> You will also find a very good overview of the Service Management
> component in CAS here:
> http://cloud.github.com/downloads/jdlich/cas-docs/CAS-Documentation-v3.4.1.pdf
>
> In particular, review the Services Management chapter for details.
>
> HTH.
>
> -Misagh
>
>
> -----Original Message-----
> From: Nestor Urquiza [mailto:[email protected]]
> Sent: Monday, January 09, 2012 8:31 PM
> To: [email protected]
> Subject: Re: [cas-user] URL White List for CAS access
>
> Thank you very much Andy!
> Best,
> -Nestor
>
> On Mon, Jan 9, 2012 at 10:11 PM, Andrew Morgan <[email protected]> wrote:
>> On Mon, 9 Jan 2012, Nestor Urquiza wrote:
>>
>>> Hi guys,
>>>
>>> I have integrated a couple of Spring applications with CAS which I
>>> have documented in
>>>
>>> http://thinkinginsoftware.blogspot.com/2012/01/sso-with-ldap-spring-and-cas.html
>>>
>>> I believe I should avoid accepting service parameter blindly. Instead
>>> I want to make sure I only allow certain applications to use CAS which
>>> basically means I should be able to maintain a list of URLs and find
>>> out if the provided service parameter exists in such a list. If it
>>> does not exist I should not redirect to it upon successful login or
>>> even better I should not even present the form at all and instead an
>>> error message.
>>>
>>> Is such functionality already available? If not where should I implement
>>> it?
>>>
>>> Thanks in advance,
>>> -Nestor Urquiza
>>
>>
>> CAS has this functionality built-in - the Services Management page. Get
>> started here:
>>
>> https://wiki.jasig.org/display/CASUM/Services+Management
>>
>> Andy
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
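Added example, not part of the original thread and not CAS code: a minimal sketch of the check the thread asks for, comparing the `service` parameter against a configured list before any login form or redirect is produced. The allowlist entries and all function names are assumptions made for illustration; the login URL used with it in practice would be one like the redirect quoted in the first message.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed allowlist (hypothetical hosts): scheme, host, port, path.
# A path ending in "/" matches as a prefix; any other path must match exactly.
ALLOWED_SERVICES = [
    ("https", "app1.example.org", 443, "/app1/"),
    ("https", "app2.example.org", 8443, "/portal/j_acegi_cas_security_check"),
]
DEFAULT_PORTS = {"http": 80, "https": 443}


def service_from_login_url(login_url):
    """Return the decoded service parameter of a /login URL, or None."""
    values = parse_qs(urlsplit(login_url).query).get("service", [])
    return values[0] if len(values) == 1 else None


def normalize(service):
    """Split a service URL into (scheme, host, port, path); None if unusable."""
    if not service or any(c in service for c in "\\\r\n\t "):
        return None
    try:
        parts = urlsplit(service)
        port = parts.port
    except ValueError:  # malformed IPv6 literal or port
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo can disguise the real host
    path = parts.path or "/"
    if any(seg in (".", "..") for seg in unquote(path).split("/")):
        return None  # dot segments could escape an allowed prefix
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port, path


def is_allowed_service(service):
    """True only if the service URL matches an allowlist entry."""
    target = normalize(service)
    if target is None:
        return False
    scheme, host, port, path = target
    for a_scheme, a_host, a_port, a_path in ALLOWED_SERVICES:
        if (scheme, host, port) != (a_scheme, a_host, a_port):
            continue
        if path == a_path or (a_path.endswith("/") and path.startswith(a_path)):
            return True
    return False
```

Comparing parsed components instead of raw string prefixes is what keeps look-alike hosts, userinfo tricks and `..` path segments from matching an allowed entry.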
