Thanks for the details.. I thought through it as well and am not quite sure how to handle it yet but at first glance I wanted to make everything work by allowing any site and then take it from there because the source sites are known but it's a dynamic environment with no reliable DNS so it's not clear how to handle it yet..
For completeness how can I take the below bean and allow any? Thanks... On Mon, Jun 11, 2012 at 3:16 PM, Eric Pierce <[email protected]> wrote: > acceptAnyProxy sounds like a really bad idea for clearPass. It's one thing > to trust a site to proxy-authenticate for a user, but giving them the user's > plain-text password is a much bigger deal and should be *very* tightly > controlled. Here's the clearPassProxyList I've used in my testing > environment. It seems to work fine: > <bean id="clearPassProxyList" > class="org.jasig.cas.client.validation.ProxyList"> > <constructor-arg> > <list> > <value>https://trusted-site.example.edu/portal</value> > <value>https://another-trusted-site.example.edu</value> > </list> > </constructor-arg> > </bean> > > On Mon, Jun 11, 2012 at 1:51 PM, Misagh Moayyed <[email protected]> wrote: >> >> Sure. Replace: >> <property name="allowedProxyChains" ref="clearPassProxyList" /> >> >> With: >> <property name="acceptAnyProxy" value="true" /> >> >> The properties that you can set in the bean configuration are no different >> than what you previously had in the web.xml file. You could sort of follow >> the same pattern as above with the property 'name' and its 'value' and >> substitute your relevant config. >> >> -Misagh >> >> >> > -----Original Message----- >> > From: Brian Raymond [mailto:[email protected]] >> > Sent: Monday, June 11, 2012 8:08 AM >> > To: [email protected] >> > Subject: Re: [cas-user] Clearpass configuration for 3.5.0? >> > >> > Thanks for the details, that took care of loading the configuration, I >> > added it to my overlay and it's inserted in the WAR.. >> > >> > I did have a follow-up.. I'm a bit naive on bean definitions so if >> > someone could share a bean definition for clearPassProxyList in >> > deployerconfigcontext with what was previously acceptAnyProxy true in >> > the web.xml for 3.4 I would appreciate it. >> > >> > On Fri, Jun 8, 2012 at 3:30 PM, Misagh Moayyed <[email protected]> >> > wrote: >> > > The clearpass-webapp related changes are merged with the cas-webapp. >> > > Have you tried moving the clearpass configuration from the >> > > 'unused-spring-configuration' folder to your 'spring-configuration' >> > in >> > > the overlay? >> > > >> > > >> > > -Misagh >> > > >> > > >> > >> -----Original Message----- >> > >> From: Brian Raymond [mailto:[email protected]] >> > >> Sent: Friday, June 08, 2012 12:16 PM >> > >> To: [email protected] >> > >> Subject: [cas-user] Clearpass configuration for 3.5.0? >> > >> >> > >> I thought I would jump into 3.5.0(RC2) primarily because the LPPE >> > >> additions are great to have for stronger password management. >> > >> >> > >> In any case I updated my installation however it seems the overlay >> > >> method for clearpass doesn't work the same because there is no >> > >> clearpass-webapp. I updated to the new clearpass extension jar in my >> > >> pom but it's not bringing in the configuration needed (e.g, >> > >> credentialsCache bean) so I'm thinking something is off. >> > >> >> > >> Can anyone offer inisght for adding clearpass to a 3.5.0 install >> > >> using maven overlay? >> > >> >> > >> Thanks >> > >> >> > >> -- >> > >> You are currently subscribed to [email protected] as: >> > >> [email protected] To unsubscribe, change settings or access >> > >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > >> > > -- >> > > You are currently subscribed to [email protected] as: >> > > [email protected] To unsubscribe, change settings or access >> > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] To unsubscribe, change settings or access archives, >> > see http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > -- > Eric Pierce > Identity Management Architect > Information Technology > University of South Florida > (813) 974-8868 -- [email protected] > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
