A relatively general solution to lock down the CAS server would be the Services Management tool. You currently can't tell it to lock down an application/protocol combination though, just to restrict access to CAS to particular URLs. If you're not overly picky on who uses OpenID besides things "under your control" then it might meet your needs.
Cheers, Scott On Thu, Jun 14, 2012 at 9:50 PM, Joe Osowski <[email protected]> wrote: > I have a requirement to implement openID, but only for specific websites. > That is... I have a large collection of internet properties that need > authentication and support openID. I want the users of all these > properties to have the ability to use my openID server. But I don't want > users of a property outside of my control to use my openID server. > > I'm investigating the cas architecture and I see a few potential > solutions. But I figured I would ask the experts as well. Perhaps > overriding a class, or would there be a simpler solution perhaps in the > loginFlow to check for specific host names? > > Thanks > Joe > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
