> In my opinion you have to change cas-client validation source code . By this > way it will use query strings service name instead of web.xml to redirect to > domain which you want.
This strategy is fine as long as your reverse proxy is the one setting the parameter indicating the public domain. That's an important consideration since it's a trusted source of information about domain mappings. Contrast that with allowing the client to control the parameter, which carries security liabilities. Generally any information supplied by the client should be considered untrusted unless it can be verified (e.g. comparison with known value, digital signatures, encryption). M
smime.p7s
Description: S/MIME cryptographic signature
