Hi List:

There is an iOS app that requests users to enter our institution's credentials, and subsequently proxy authenticates, via a home server, to a CAS integrated application (and scrapes for class schedule).

The iOS caches the credentials on the iOS app and/or home server (a la phishing if captured). Aside from user education, are there potential steps to mitigate this occurring? Implementing 2F or CAPTCHA-type may not be customer support practical/accessibility, on a broad scale, and to all applications. Blocking the home server via IP, or if unique header, would be whack-a-mole -- with the ease to spin new servers/tunnel and/or change headers.

Thanks.
