[Building Sakai] CASsified Sakai : Using https for CAS Login Only

Steve Swinsburg steve.swinsburg at gmail.com
Mon Jan 17 14:24:21 PST 2011


It's actually quite dangerous to do this.

The issue is you provide a secure login for credentials (username and password) but then all other interactions are in the clear. And the authenticated token, which could easily be grabbed via a public wifi point, is just as useful to an attacker.

In short, if a site requires authentication, then the whole site should be protected in order for that site to be secure.

cheers,
Steve


On 18/01/2011, at 1:30 AM, Santhanam V wrote:

> Dear Friends,
>          Can we use https only for CAS Login and then return to http for Sakai?
>          
>           How can we do this? I tried following tips from http://forum.springsource.org/showthread.php?t=30680. I recompiled cas-client.jar after modifying “cas-client-java-2.1.1\src\edu\yale\its\tp\cas\util\SecureURL.java” (please check attachment) to use only “http”. But I am getting the following exception:
>  
>  
> javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://spagobi.amrita.edu:8443/cas/serviceValidate] ticket=[ST-1-tbE4agCeQP7jVgVHsmVt-spagobi.amrita.edu] service=[https%3A%2F%2Fspagobi.amrita.edu%3A8443%2Fsakai-login-tool%2Fcontainer] renew=false]]]
>         edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
>         org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:646)
>  
>  
>          Please help me resolve this issue.
>  
> Thanks In Advance
> With Regards
> Santhanam
>  
> P.S: Kindly ignore my previous mail (Sorry that I have hit the send button accidentally)
> <SecureURL.java>
> 
> ---------------------------------------------------------------------
> Amrita Institute Of Medical Sciences & Research Centre, Cochin, India
> 
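An added example, not part of the original thread: a check over a recorded login flow that reports the two conditions Steve's reply warns about, a redirect from https back to http and a session cookie travelling in the clear. The host name, ticket value, `/portal` path and the `JSESSIONID` cookie name are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed (request URL, response headers) pairs; host, ticket and cookie
# values are placeholders. JSESSIONID is assumed as the session cookie name.
HTTP_AFTER_LOGIN = [
    ("https://lms.example.edu:8443/cas/login",
     [("Location", "http://lms.example.edu/sakai-login-tool/container?ticket=ST-PLACEHOLDER")]),
    ("http://lms.example.edu/sakai-login-tool/container?ticket=ST-PLACEHOLDER",
     [("Set-Cookie", "JSESSIONID=constructed-session-id; Path=/"),
      ("Location", "http://lms.example.edu/portal")]),
]
HTTPS_THROUGHOUT = [
    ("https://lms.example.edu:8443/cas/login",
     [("Location", "https://lms.example.edu:8443/sakai-login-tool/container?ticket=ST-PLACEHOLDER")]),
    ("https://lms.example.edu:8443/sakai-login-tool/container?ticket=ST-PLACEHOLDER",
     [("Set-Cookie", "JSESSIONID=constructed-session-id; Path=/; Secure; HttpOnly"),
      ("Location", "https://lms.example.edu:8443/portal")]),
]

def audit_flow(flow):
    """Return (finding, subject) pairs for steps that expose the session on the wire."""
    findings = []
    for url, headers in flow:
        scheme = urlsplit(url).scheme
        for name, value in headers:
            header = name.lower()
            if header == "location":
                # An https response that sends the browser to http drops protection.
                if scheme == "https" and urlsplit(value).scheme == "http":
                    findings.append(("downgrade-redirect", url))
            elif header == "set-cookie":
                cookie = SimpleCookie()
                cookie.load(value)
                for key, morsel in cookie.items():
                    if scheme != "https":
                        # Cookie is issued, and will be replayed, over plain http.
                        findings.append(("cookie-set-over-http", key))
                    elif not morsel["secure"]:
                        # Issued over https but the browser may still send it over http.
                        findings.append(("cookie-missing-secure", key))
    return findings

if __name__ == "__main__":
    for label, flow in (("http after login", HTTP_AFTER_LOGIN),
                        ("https throughout", HTTPS_THROUGHOUT)):
        print(label, audit_flow(flow))
```
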
