Hi Jason,

You can use Services Management to effectively manage which services
(i.e. CAS Clients) can use your CAS server.

https://wiki.jasig.org/display/CASUM/Services+Management

Best,
Bill


On Thu, Apr 26, 2012 at 9:27 AM, Jason Wang <[email protected]> wrote:
> HI All,
>
> I'm going to develop a public website with SSO supported to integrate some
> modules not in Java. What I want to know is if CAS is good for that purpose?
>
> I deployed an CAS server on my computer and several client webapps, and
> found it is possible that if someone else knows I'm using CAS, he can deploy
> his own webapp with the parameters (if I don't change the default validation
> URLs on my CAS instance), and use my SSO service.
>
> I want to know if there is some other configuration that can prohibit this
> happen?
>
> Thank you in advance.
>
> Best Regards,
> Jason
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to