Hi Scott,

I'm not entirely sure there's a security concern here. The service name should be checked and validated by the CAS server itself. It's how it's done here with a list of approved domains.

It would be really helpful to just have the possibility to do dynamic service name, even if it's not enabled by default. The main reason we need this is multiple domain Zimbra hosting where we have to:

- Create a JSP specific for each mail domain for authentication
- Duplicate all the filter and filter mappings in our web.xml for each mail domain

Having the dynamic service name would allow us to use only one JSP and only one mapping in the web.xml.

Thanks for your interest

----- Original message -----
>
> Since the Host header is sent by a user-agent it's essentially
> untrusted (which is why we often don't just use it). Recent versions
> of the Java client however do allow you to specify multiple
> serverNames (I think it's space-delimited) and it will choose
> whichever one of those matches the host header.
>
> On Thu, Apr 17, 2014 at 9:14 AM, Mathieu LARCHET <[email protected]> wrote:
>
> Hi guys,
>
> I'm a long time user of the Java CAS filter, and I'm running into
> kind of a problem.
>
> With every other CAS module (PHP, Apache), I can configure it without
> setting the service name. In this case, it's automatically
> constructed from the URL of the request.
>
> But with Java CAS filter, I can't do that. I have to set it
> explicitly, which can be really painful when your application is
> accessed from different virtual hosts.
>
> I think the service name (or server name) should be optional. If not
> defined, the filter should construct it from the request. If
> defined, only this value should be used.
>
> The service name is computed in the constructServiceUrl method of the
> AbstractCasFilter class, and this method is final so there's no way
> to subclass any filter and override it.
>
> Regards,
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev

--
Mathieu LARCHET
Direction du Numérique
Sous-Direction des Infrastructures
--
24-30 rue Lionnois
54003 Nancy Cedex
--
Tel : 03 83 68 53 82
Mail : [email protected]
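The approach described in the quoted reply (a space-delimited list of server names, with the one matching the Host header chosen), sketched as an added example that is not part of the thread and not the CAS client's own code. The class, its method names, the fallback to the first configured name, the fixed `https` scheme and the sample host names are assumptions.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;

/** Added illustration; class and method names are hypothetical, not CAS client API. */
public class ServiceHostSelector {
    private final List<String> allowedHosts;

    /** @param serverNames space-delimited list of approved host[:port] values */
    public ServiceHostSelector(String serverNames) {
        allowedHosts = Arrays.stream(serverNames.trim().split("\\s+"))
                .filter(s -> !s.isEmpty())
                .map(s -> s.toLowerCase(Locale.ROOT))
                .collect(Collectors.toList());
        if (allowedHosts.isEmpty()) {
            throw new IllegalArgumentException("at least one server name is required");
        }
    }

    /** Returns the configured name equal to the Host header, else the first configured name. */
    public String select(String hostHeader) {
        if (hostHeader != null) {
            String candidate = hostHeader.trim().toLowerCase(Locale.ROOT);
            for (String allowed : allowedHosts) {
                if (allowed.equals(candidate)) {
                    return allowed; // the configured value, never the raw header
                }
            }
        }
        return allowedHosts.get(0); // assumed fallback for unlisted or missing headers
    }

    /** Builds the service URL with an approved host; the path is passed through unchanged. */
    public String serviceUrl(String hostHeader, String requestUri) {
        return "https://" + select(hostHeader) + requestUri;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for two hosted mail domains.
        ServiceHostSelector selector =
                new ServiceHostSelector("mail.example.org mail.example.net");
        String[] hostHeaders = {"mail.example.net", "MAIL.EXAMPLE.ORG", "unlisted.example.com", null};
        for (String header : hostHeaders) {
            System.out.println(header + " -> " + selector.serviceUrl(header, "/zimbra/"));
        }
    }
}
```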
