HI All, I'm going to develop a public website with SSO supported to integrate some modules not in Java. What I want to know is if CAS is good for that purpose?
I deployed an CAS server on my computer and several client webapps, and found it is possible that if someone else knows I'm using CAS, he can deploy his own webapp with the parameters (if I don't change the default validation URLs on my CAS instance), and use my SSO service. I want to know if there is some other configuration that can prohibit this happen? Thank you in advance. Best Regards, Jason -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
