To echo Carl's comments, I think it's a good idea to use at least a lightweight service manager. If it works for you, might I suggest the Unicon YAML Service Registry addon (it works at least with CAS 4.0.X).
Configuration is easy, assuming you're using the Maven overlay method -- one additional dependency in pom.xml, one additional config file src/main/webapp/WEB-INF/spring-configuration/servicesRegistry.xml, and the YAML services registry file itself servicesRegistry.yml (exact location specified by the aforementioned servicesRegistry.xml). More documentation can be found online (I can probably find the link for that if searching doesn't yield anything helpful). Limitations are that there's no web interface for managing services, and you need to modify the file servicesRegistry.yml to make changes (changes are recognized instantaneously when the file is changed/saved). CAS 4.1 (in development) includes a facility for service registry using a JSON file. I'm not familiar with the details of that.

Milt Epstein
Applications Developer
Graduate School of Library and Information Science (GSLIS)
University of Illinois at Urbana-Champaign (UIUC)
[email protected]

On Tue, 27 Jan 2015, Waldbieser, Carl wrote:

> Chris,
>
> It is true, you don't need to use a Service Manager, but that means that
> *any* service can use your CAS. This might not be what you want-- a rogue
> service provider could leverage your CAS in order to fool your users into
> thinking it is a trustworthy service. Once authenticated, it may ask for
> sensitive information. So while the rogue service can't get the user's password,
> it could potentially trick them into revealing other PII.
>
> CAS needs to run as an HTTPS site-- the TGT is stored in a secure cookie.
> Services don't *have* to be HTTPS unless they want to leverage PGTs, but in
> practice it makes sense to secure services in many cases.
>
> Thanks,
> Carl Waldbieser
> ITS System Programmer
> Lafayette College
>
> ----- Original Message -----
> From: "Chris Adams" <[email protected]>
> To: [email protected]
> Sent: Tuesday, January 27, 2015 12:53:15 PM
> Subject: [cas-user] question about Service Management
>
> Hello all,
>
> I was just looking into building the Service Management module, as I assumed
> it was required.
>
> I am utilizing CAS for SSO for a handful of services. From the CAS
> documentation, it says:
>
> "It is not required to use the service management facility explicitly. CAS
> ships with a default configuration that is suitable for deployments that do
> not need or want to leverage the capabilities above. The default
> configuration allows any service contacting CAS over https/imaps to use CAS
> and receive any attribute configured by an IPersonAttributeDao bean."
>
> Does that mean that I don't have to register these services if I don't need
> to manage them with this interface? Can I just append the URL of the service
> to the CAS server login string and be done with it?
>
> Also, somewhere in the docs, it said that any service also had to utilize
> SSL. Can someone verify that?
>
> Many thanks,
>
> Christopher Adams
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
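
The difference between the open default quoted from the CAS documentation and an explicit service registry, as an added example that is not part of this thread and is not CAS or Unicon code: a small Python check of service URLs against registered patterns. The patterns and hostnames are constructed for illustration and are assumptions, not the project's configuration.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for the open default described in the quoted docs:
# any service contacting CAS over https/imaps is accepted.
OPEN_DEFAULT = [r"^(https|imaps)://.*"]

# Constructed allowlist for a hypothetical deployment (example hostnames).
ALLOWLIST = [
    r"^https://wiki\.example\.edu(:443)?/.*",
    r"^https://([a-z0-9-]+\.)?apps\.example\.edu/.*",
]


def is_registered(service_url, patterns):
    """Return True when the whole service URL matches a registered pattern."""
    parts = urlsplit(service_url)
    # Only absolute URLs with a host can identify a service.
    if not parts.scheme or not parts.hostname:
        return False
    # fullmatch anchors both ends, so a registered host that only appears
    # later in the URL (for example in a query parameter) does not count.
    return any(re.fullmatch(p, service_url, re.IGNORECASE) for p in patterns)


def audit(urls, patterns):
    """Map each candidate service URL to its registration decision."""
    return {u: is_registered(u, patterns) for u in urls}


# Constructed sample service URLs.
SAMPLES = [
    "https://wiki.example.edu/login",
    "https://portal.apps.example.edu/cas",
    "https://unknown.example.net/app",
    "https://wiki.example.edu.lookalike.example/login",
    "https://unknown.example.net/?next=https://wiki.example.edu/",
    "http://wiki.example.edu/login",
]

if __name__ == "__main__":
    for name, pats in (("open default", OPEN_DEFAULT), ("allowlist", ALLOWLIST)):
        print(name)
        for url, ok in audit(SAMPLES, pats).items():
            print("  %-5s %s" % ("allow" if ok else "deny", url))
```

Under the open pattern every https sample is accepted, including the unregistered host; under the allowlist only the two registered hosts pass.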
