At UCR we have implemented a solution external to CAS as a Tomcat filter which checks the service against a list of approved services. If the service is not in the list, the filter takes over the connection and causes the validation to fail. When implementing this, we were trying to avoid modifying CAS directly.
-Stephen On Tue, Jan 16, 2007 at 08:02:49PM +0000, dfarr wrote: > How can I restrict which services (i.e, which web applications) my CAS > implementation is allowed to validate. > > e.g. > https://my.cas.implementation:8443/cas/login?service=http://web.app.com/securePage.jsp > where http://web.app.com/ is my service and is allowed to be validated. > > https://my.cas.implementation:8443/cas/login?service=http://someone.elses.web.app.com/securePage.jsp > where http://someone.elses.web.app.com/ is a service I can't know or want to > validate. > > Thanks > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
