Hi Ray,

We are using cas:v5.2.6 in our development environment and it is working fine, so we are planning to move to our production environment. For that process, we need to implement some security settings or fixes as per our security team.

For testing, CSRF is of high concern for us, and they provided code that needs to be saved as HTML and executed. Submission of the form via CSRF will request a service scope. Supply https://*.<domain name> and resubmit the request, and you will receive the TGT, which can be used to receive a valid bearer token that can be used for subsequent requests. So we need to prevent this from happening; can you please help me to resolve this issue.

Regards,
Raheem Shaik

On Mon, Dec 16, 2019 at 11:12 PM Ray Bon <[email protected]> wrote:
> Raheem,
>
> Can you provide a scenario where this would be an issue?
>
> Ray
>
> On Mon, 2019-12-16 at 09:27 -0800, Raheem Shaik wrote:
> > I did not get any response for this; can someone provide a guide or docs to me.
> >
> > On Thursday, December 12, 2019 at 12:07:19 PM UTC+5:30, Raheem Shaik wrote:
> > > Can you please provide any document to prevent CSRF for CAS v5.3.10, or any steps to add to cas.properties to achieve this.
> > >
> > > Regards,
> > > Raheem Shaik
> >
> > ********************************************
> >
> > *Inmar Confidentiality Note*: This e-mail and any attachments are confidential and intended to be viewed and used solely by the intended recipient. If you are not the intended recipient, be aware that any disclosure, dissemination, distribution, copying or use of this e-mail or any attachment is prohibited. If you received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy and all attachments from your system and destroy any printed copies. Thank you for your cooperation.
> >
> > *Notice of Protected Rights*: The removal of any copyright, trademark, or proprietary legend contained in this e-mail or any attachment is prohibited without the express, written permission of Inmar, Inc. Furthermore, the intended recipient must maintain all copyright notices, trademarks, and proprietary legends within this e-mail and any attachments in their original form and location if the e-mail or any attachments are reproduced, printed or distributed.
> >
> > ********************************************
>
> --
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e3f31382452445f0fabc596d783c20db1bcb6e5.camel%40uvic.ca.
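The checks a defender would put in front of the request described in this thread (a cross-site form that asks for a ticket with a wildcard service scope such as https://*.<domain name>), as an added illustration that is not CAS code and not from anyone on this list. The handler, header and form field names, the session dictionary and the registered-service list are all assumptions; CAS's own settings are not modelled here.

```python
import hmac
import secrets
from typing import Dict, Tuple
from urllib.parse import urlparse

# Constructed values: the origin that serves the login form, and the
# service URLs an operator registers explicitly (no wildcard hosts).
CAS_ORIGIN = "https://cas.example.org"
REGISTERED_SERVICES = ("https://app1.example.org/", "https://app2.example.org/")


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Bind a fresh synchronizer token to the server-side session."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def service_is_registered(service: str) -> bool:
    """Accept only https services from the explicit list.

    A wildcard host (https://*.example.org) never matches, so a forged
    submission cannot widen the scope of the ticket it asks for.
    """
    parsed = urlparse(service)
    if parsed.scheme != "https" or not parsed.netloc or "*" in parsed.netloc:
        return False
    return any(service.startswith(allowed) for allowed in REGISTERED_SERVICES)


def check_ticket_request(headers: Dict[str, str], form: Dict[str, str],
                         session: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether a ticket-granting request may proceed.

    Three independent checks: the browser-supplied Origin (or Referer) must
    be exactly the CAS origin, the form must carry the token bound to this
    session, and the requested service must be a registered, non-wildcard URL.
    """
    src = urlparse(headers.get("Origin") or headers.get("Referer", ""))
    # Compare scheme and host exactly; a prefix test would accept
    # https://cas.example.org.evil.test, so it is deliberately avoided.
    if f"{src.scheme}://{src.netloc}" != CAS_ORIGIN:
        return False, "missing or cross-site origin"
    expected = session.get("csrf", "")
    if not expected or not hmac.compare_digest(expected, form.get("csrf", "")):
        return False, "missing or invalid CSRF token"
    if not service_is_registered(form.get("service", "")):
        return False, "service not registered"
    return True, "ok"
```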
