Hi Scott,
I'm not entirely sure there's a security concern here; the service name should
be checked and validated by the CAS server itself. It's how it's done here with
a list of approved domains.
It would be really helpful to just have the possibility to do dynamic service
name, even if it's no
Since the Host header is sent by a user-agent it's essentially untrusted
(which is why we often don't just use it). Recent versions of the Java
client however do allow you to specify multiple serverNames (I think it's
space-delimited) and it will choose whichever one of those matches the host
header.
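
An added illustration of the allowlist matching described in the reply above; it is not code from the Java CAS client or from the posters. The class name `ServiceNameResolver`, the fall-back to the first configured name when nothing matches, and the sample host values are assumptions made for this example.

```java
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper: picks the service host from a configured list,
// using the request's Host header only as a lookup key.
public class ServiceNameResolver {
    private final Set<String> approved = new LinkedHashSet<>();
    private final String fallback;

    // approvedNames: space-delimited host[:port] values; the first is the default.
    public ServiceNameResolver(String approvedNames) {
        for (String name : approvedNames.trim().split("\\s+")) {
            if (!name.isEmpty()) approved.add(normalize(name));
        }
        if (approved.isEmpty()) {
            throw new IllegalArgumentException("at least one server name is required");
        }
        fallback = approved.iterator().next();
    }

    private static String normalize(String host) {
        return host.trim().toLowerCase(Locale.ROOT);
    }

    // Returns the configured name that equals the Host header exactly
    // (case-insensitive), or the default. The header value itself is never
    // copied into the result, so an unlisted host cannot reach the service URL.
    public String resolve(String hostHeader) {
        if (hostHeader != null) {
            String candidate = normalize(hostHeader);
            for (String name : approved) {
                if (name.equals(candidate)) return name;
            }
        }
        return fallback; // assumption: unknown hosts get the first configured name
    }

    public String serviceUrl(String scheme, String hostHeader, String path) {
        return scheme + "://" + resolve(hostHeader) + path;
    }

    public static void main(String[] args) {
        ServiceNameResolver r = new ServiceNameResolver("app.example.org portal.example.org:8443");
        // Constructed Host header values: two listed, two unlisted, one missing.
        String[] hosts = {"portal.example.org:8443", "APP.example.org",
                          "other.example.net", "app.example.org.other.test", null};
        for (String h : hosts) {
            System.out.println(h + " -> " + r.serviceUrl("https", h, "/secure/"));
        }
    }
}
```

Matching is by whole-string equality rather than prefix or suffix, so `app.example.org.other.test` resolves to the default instead of being accepted.
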
Hi guys,
I'm a long-time user of the Java CAS filter, and I'm running into kind of a
problem.
With every other CAS module (PHP, Apache), I can configure it without setting
the service name. In this case, it's automatically constructed from the URL of
the request.
But with Java CAS filter, I c