You should be able to set the CASValidateURL to use the proxyValidate
service of the cas server. This will in effect allow both direct acces
and also proxied access to the services:
CASValidateURL https://yourcas.org/cas/proxyValidate
This will allow the application to be proxied by _any_ other valid cas
proxy in your cas domain. This might be a security problem because
normally you would want to limit which apps can proxy certain services.
However if i read your mail correct you should always be able to casify
any servlet with the web.xml method[1]. It's a transparent filter
through the web container (tomcat, jboss etc.) around your servlet. The
java client supports to be proxied with all features.
Regards,
Joachim
[1]https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
On 16.06.2012 03:28, Phil Ames wrote:
+cas-users
Someone on this list may have done something similar. Depending on how
proxied things need to be you might be able to put a CAS proxy in front
of m-a-c but right now it will gobble tickets for services behind it.
On Jun 15, 2012 7:06 PM, "Garey Mills" <[email protected]
<mailto:[email protected]>> wrote:
Hi -
I am trying to CAS protect a service used by a portal. The
portal is a servlet and can be CAS protected, but the service is a
complex servlet which I have not been able to CAS-protect.
I thought my solution was to put the service behind a
CAS-protected reverse proxy using Apache httpd and mod_auth_cas. But
I believe that I have discovered that the portal will need to
CAS-proxy the service, which requires the service to allow itself to
be 'CAS proxied'.
Unfortunately, documentation states that mod_auth_cas does not
allow itself to be 'CAS proxied'. Is this really the case? Will
mod_auth_cas allow itself to be proxied in the near future? What's
required to that to happen?
--
Garey Mills
Library Systems Office
UC Berkeley
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
