Hi, When I debug PolicyBasedAuthenticationManager.authenticateInternal I did noticed three authentication handlers. 1) My Custom AuthenticationHandler 2 ) ClientAuthenticationHandler 3 ) HttpBasedServiceCredentialsAuthenticationHandler
I'm only using my customer handler and ClientAuthenticationHandler. I do not see #3. How do I turn off HttpBasedServiceCredentialsAuthenticationHandler completely? I'm worried that hackers can send HttpClientCredential to get access to the system. Also I did notice that PolicyBasedAuthenticationManager has log.error when we enter bad password which I also want suppress this logging. Thanks Rao -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb82166f-7705-43a5-91d1-f6621727230b%40apereo.org.