Sean, If you're looking to exclude certain IP addresses from setting cookies then you should replace the existing Action that sets the cookie with one that conditionally checks IP ranges and only sets the cookie if it matches the approved list.
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, May 19, 2008 at 11:04 AM, Sean R. McNamara < [EMAIL PROTECTED]> wrote: > Hi everyone, > > We have a CASified Tomcat environment and are looking for ways to > exclude certain IP ranges from the SSO process. Basically, we're > looking for a configuration for certain services that does not require > the user to be SSO'd if they have an IP on our local network. > > I know you can do IP based access control using a tomcat valve, but, I'm > not totally sure how to make this behavior conditional and basically say: > > "If this user is from this IP range or SSO'd then they are permitted to > access resources behind the provided URL" > > Does anyone have any experience with this sort of setup? I'd > appreciate any advice.. > > Thanks very much.. > > ..Sean. > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
