We use the services management app. When using it a service will not be authorized unless a match is found in the list of service url definitions, which take this form:
Service 1: Allow all hosts and urls from domain1.com: http://*.domain1.com/** Service 2: Allow only a single url: http://www.domain2.net/allowed/logon etc... Using the service management app also opens up the possiblity to theme the CAS login pages based on service, as each service entry has a theme attribute. Dale Flaxxed wrote: > > My organization is currently deciding on how to restrict which services > are allowed to use CAS. I know that there is the serviceRegistryDao that > is designed for this purpose and then the service manager CAS application > to help you manage this. I have told my organization about this and > someone asked if CAS could allow or deny a service based on its domain in > the service paramter to /login, /validate, etc. > > Has anyone ever thought of this or does anyone have any ideas on this > method? My vote would be to use what is already in CAS, the less > modifications the better, but I am tasked at evaluating both methods. > > I appreciate any thoughts on the matter. Thanks! > -- View this message in context: http://www.nabble.com/Service-Restriction-by-Domain--tp18900119p18911595.html Sent from the CAS Users mailing list archive at Nabble.com. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
