thank you so much, that is what I concerned. I also want to know if there is a kind of mechanism by which I can set a secret key on the CAS server and my own services so that other people without the secret key can not join my SSO because all ticket validations would fail?
Best Regards, Jason On Thu, Apr 26, 2012 at 10:42 AM, William G. Thompson, Jr. <[email protected] > wrote: > Hi Jason, > > You can use Services Management to effectively manage which services > (i.e. CAS Clients) can use your CAS server. > > https://wiki.jasig.org/display/CASUM/Services+Management > > Best, > Bill > > > On Thu, Apr 26, 2012 at 9:27 AM, Jason Wang <[email protected]> wrote: > > HI All, > > > > I'm going to develop a public website with SSO supported to integrate > some > > modules not in Java. What I want to know is if CAS is good for that > purpose? > > > > I deployed an CAS server on my computer and several client webapps, and > > found it is possible that if someone else knows I'm using CAS, he can > deploy > > his own webapp with the parameters (if I don't change the default > validation > > URLs on my CAS instance), and use my SSO service. > > > > I want to know if there is some other configuration that can prohibit > this > > happen? > > > > Thank you in advance. > > > > Best Regards, > > Jason > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
