On Dec 7, 2009, at 9:38 AM, [email protected] wrote: > > Hi > > We are using Cosign as a Filter in our tomcat installation. We are currently > using the version 2.0 > and it's working. > > We are running on Windows and I can't use the Apache Filter. > What I need now is that I can forward the ticket to a webservice for > authentication. I saw that in Version 3 > there is the possibility to define a directory for the ticket cache. Is there > also such a possibiliy in Version 2 ? > I need to forward the ticket in the authentication header to the webservice.
Support for Kerberos tickets in the Java filter was added in version 3.0. I can't say whether backporting those changes is worth your time, but I should remind you that all versions of cosign prior to 3.0 have a flaw permitting session fixation attacks. I encourage you to upgrade to cosign 3 as soon as possible. andrew ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
