No production CAS instance should be not running over https. Would
predicating a message on
! HttpServletRequest.isSecure()
http://download.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#isSecure()
<http://download.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#isSecure%28%29>
work? In case where CAS running over insecure channel (http://), show
the SSO-won't-work-because-not-https message, figuring this will
inconvenience zero production deployments, all of which will be running
over https. isSecure() should return the correct value even when SSL is
being offloaded to something fronting the servlet container (is this
enough universally true?)
Andrew
On 06/21/2011 12:38 PM, Marvin Addison wrote:
...
As a compromise, how about one-time messages driven by some kind of
simple logic implemented in code.
M
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user