I have a question concerning best practice in regards to registering services with CAS.
We have had a consultant configuring a CAS 4.0 installation for my institution for providing authentication to approximately 20-30 services. I anticipated that CAS would be configured so that services would need to be registered in some sort of registry, either in memory (serviceRegistryDao bean), LDAP, some other database, or in a file. Instead, the consultant delivered the product to us so that any service is allowed to authenticate to the server. Is the practice of allowing any service to be granted a service ticket a common, acceptable practice? If not, are certain service registry types (local file vs database vs ...) advisable over others? -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
