acceptAnyProxy sounds like a really bad idea for clearPass. It's one thing to trust a site to proxy-authenticate for a user, but giving them the user's plain-text password is a much bigger deal and should be *very* tightly controlled. Here's the clearPassProxyList I've used in my testing environment. It seems to work fine: <bean id="clearPassProxyList" class="org.jasig.cas.client.validation.ProxyList"> <constructor-arg> <list> <value>https://trusted-site.example.edu/portal</value> <value>https://another-trusted-site.example.edu</value> </list> </constructor-arg> </bean>
On Mon, Jun 11, 2012 at 1:51 PM, Misagh Moayyed <[email protected]> wrote: > Sure. Replace: > <property name="allowedProxyChains" ref="clearPassProxyList" /> > > With: > <property name="acceptAnyProxy" value="true" /> > > The properties that you can set in the bean configuration are no different > than what you previously had in the web.xml file. You could sort of follow > the same pattern as above with the property 'name' and its 'value' and > substitute your relevant config. > > -Misagh > > > > -----Original Message----- > > From: Brian Raymond [mailto:[email protected]] > > Sent: Monday, June 11, 2012 8:08 AM > > To: [email protected] > > Subject: Re: [cas-user] Clearpass configuration for 3.5.0? > > > > Thanks for the details, that took care of loading the configuration, I > > added it to my overlay and it's inserted in the WAR.. > > > > I did have a follow-up.. I'm a bit naive on bean definitions so if > > someone could share a bean definition for clearPassProxyList in > > deployerconfigcontext with what was previously acceptAnyProxy true in > > the web.xml for 3.4 I would appreciate it. > > > > On Fri, Jun 8, 2012 at 3:30 PM, Misagh Moayyed <[email protected]> > > wrote: > > > The clearpass-webapp related changes are merged with the cas-webapp. > > > Have you tried moving the clearpass configuration from the > > > 'unused-spring-configuration' folder to your 'spring-configuration' > > in > > > the overlay? > > > > > > > > > -Misagh > > > > > > > > >> -----Original Message----- > > >> From: Brian Raymond [mailto:[email protected]] > > >> Sent: Friday, June 08, 2012 12:16 PM > > >> To: [email protected] > > >> Subject: [cas-user] Clearpass configuration for 3.5.0? > > >> > > >> I thought I would jump into 3.5.0(RC2) primarily because the LPPE > > >> additions are great to have for stronger password management. > > >> > > >> In any case I updated my installation however it seems the overlay > > >> method for clearpass doesn't work the same because there is no > > >> clearpass-webapp. I updated to the new clearpass extension jar in my > > >> pom but it's not bringing in the configuration needed (e.g, > > >> credentialsCache bean) so I'm thinking something is off. > > >> > > >> Can anyone offer inisght for adding clearpass to a 3.5.0 install > > >> using maven overlay? > > >> > > >> Thanks > > >> > > >> -- > > >> You are currently subscribed to [email protected] as: > > >> [email protected] To unsubscribe, change settings or access > > >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > > > You are currently subscribed to [email protected] as: > > > [email protected] To unsubscribe, change settings or access > > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] To unsubscribe, change settings or access archives, > > see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Eric Pierce Identity Management Architect Information Technology University of South Florida (813) 974-8868 -- [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
