Hello,

To greatly decrease risk to a CAS server, it should only receive clean, safe data from external elements. For example, a CAS webSSO receives SAML messages created by XYZ.com and sent from untrusted user browsers from around the world. It may also receive CRL or OCSP data to check that user's PKI. An intermediate filter can stop unwanted, dangerous data before it even reaches the CAS's NIC. Less effective but acceptable are filters within the CAS server.

Data that is safely usable by CAS must be allowed while everything else should be denied. What is the allowable text for incoming messages? Formats? Lengths? What filters exist to do this? (Besides the obvious - URLs, PPS)

Thanks,
Kevin Sweere, Air Force Research Lab

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
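As an added illustration of the deny-by-default filtering the post asks about (example code, not from this thread or the CAS project), here is a Python pre-filter for the CAS protocol's own request parameters (service, ticket, SAML 1.1 TARGET/SAMLart, renew, gateway); the allowed service host, ticket format and length limits are assumptions you would tune to your deployment.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: anything not matched here is rejected outright.
MAX_PARAM_LEN = 2048                                  # assumed cap per value
TICKET_RE = re.compile(r"^(ST|PT|PGT|TGT)-[A-Za-z0-9._-]{1,200}$")  # assumed
SAMLART_RE = re.compile(r"^[A-Za-z0-9+/=]{1,200}$")   # assumed base64 artifact
ALLOWED_SERVICE_HOSTS = {"app.example.org"}           # constructed host list
ALLOWED_KEYS = {"service", "ticket", "TARGET", "SAMLart", "renew", "gateway"}


class RejectedInput(ValueError):
    """Raised for any value that does not pass the allowlist."""


def _check_service(url: str) -> str:
    # Only printable ASCII, only https, and only a host we know about.
    if any(not 0x20 <= ord(c) <= 0x7E for c in url):
        raise RejectedInput("control or non-ASCII byte in service URL")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_SERVICE_HOSTS:
        raise RejectedInput("service URL not in allowlist")
    return url


def filter_cas_params(params: dict) -> dict:
    """Return only parameters that pass the allowlist; reject the whole
    request on the first unexpected key, type, length or format."""
    clean = {}
    for key, value in params.items():
        if key not in ALLOWED_KEYS:
            raise RejectedInput(f"unexpected parameter {key!r}")
        if not isinstance(value, str) or not value or len(value) > MAX_PARAM_LEN:
            raise RejectedInput(f"bad type or length for {key!r}")
        if key in ("service", "TARGET"):
            _check_service(value)
        elif key == "ticket":
            if not TICKET_RE.match(value):
                raise RejectedInput("ticket does not match expected format")
        elif key == "SAMLart":
            if not SAMLART_RE.match(value):
                raise RejectedInput("SAMLart does not match expected format")
        else:  # renew / gateway are boolean flags in the CAS protocol
            if value not in ("true", "false"):
                raise RejectedInput(f"{key!r} must be 'true' or 'false'")
        clean[key] = value
    return clean
```

Run this in front of CAS (or as a servlet filter inside it) so that a request with a userinfo-spoofed host, an oversized value or an unexpected parameter never reaches the ticket validation code.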
