Yes, you can restrict authentication to CAS by IP address. (All the normal disclaimers about the presented IP address on a web request not being reliable apply.)
You could accomplish this by a simple IP address restricting filter (Sakai has one) or you could accomplish this by other means, such as applying an Aspect to the login controller, adding a Login workflow step to examine the IP address, adding a custom credentials binder that throws on a bad remote address, using a custom Credentials that includes the Request (stored by a CredentialsBinder) and a custom AuthenticationHandler that considers this Request, using a custom Credentials that includes the IP address and binding that to the Credentials via a custom CredentialsBinder, ... The Filter is the simplest in a lot of ways and so is the route I would choose. Going with an IP address checking Login Webflow step has advantages in providing a bad IP address user experience in the context of the web flow. Andrew > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of taocore > Sent: Tuesday, July 18, 2006 1:13 AM > To: [email protected] > Subject: Can we restrict the client ip? > > Hi, > Just some ip be allowed to login the CAS. Can we do it? > Obviously, the ip should not be got from the form as part of the > credentials. > > taocore > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
