Hi Jason, You can use Services Management to effectively manage which services (i.e. CAS Clients) can use your CAS server.
https://wiki.jasig.org/display/CASUM/Services+Management Best, Bill On Thu, Apr 26, 2012 at 9:27 AM, Jason Wang <[email protected]> wrote: > HI All, > > I'm going to develop a public website with SSO supported to integrate some > modules not in Java. What I want to know is if CAS is good for that purpose? > > I deployed an CAS server on my computer and several client webapps, and > found it is possible that if someone else knows I'm using CAS, he can deploy > his own webapp with the parameters (if I don't change the default validation > URLs on my CAS instance), and use my SSO service. > > I want to know if there is some other configuration that can prohibit this > happen? > > Thank you in advance. > > Best Regards, > Jason > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
