Hi,
Please find below the artifacts and their version number used by me.
CAS Server 3.4.11 (Running on Apache 5.5.28)
CAS Client 3.2.1 (Integrated with my host application running on JBOSS 5.1.0.GA)
Below are the steps/flow of the process followed by me.
1. Login into CAS server by accessing the
I have a tomcat instance which I've configured container managed
security on by setting up the conf/context.xml as follows
WEB-INF/web.xml
https://hostname:443/cas/login";
casServerUrlPrefix="https://hostname:443/cas/";
serverName="hostname"
/>
Normally, only registered service URLs are allowed to use CAS. CAS
logout is initiated from these applications. So how can an attacker
inject a malicious logout redirect URL?
The present discussion isn't focused on registered apps behaving badly.
On the contrary, it's about the crafting of a lin