Then we are succeeding if we're even confusing security! :-) You should be able to configure it however you'd like. From a user perspective though, if someone hits the wrong page, with an application the size of CAS, there's a very high likelihood they meant to go to the login page anyway. Other than services management there is only one publicly facing URL.
On Fri, Aug 30, 2013 at 1:09 PM, Tom Poage <[email protected]> wrote: > It seems CAS has longstanding behavior to redirect requests for > non-existing content to /cas/login vs. issue a 404. > > Curious, is there a security/design/... reason for doing so? > > The basis of the question is an observation by one of our security team > that it throws off scanning software we use. > > Thanks. > Tom. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
