Updated README and TODO files to reflect the current state of the project.
Juan Carlos Luciani
2006-11-22 05:21:33 +00:00
parent cd04a3d4cf
commit cce03a7a13
19 changed files with 222 additions and 170 deletions

@@ -326,7 +326,19 @@ CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDERS
SECURITY CONSIDERATIONS
- TBD -
The ATS runs over Tomcat and by default receives requests over HTTPS on port 2645. For ease
of use, the basic ATS setup scrip creates a self-signed certificate to be used by SSL. The
use of self-signed certificates weakens the security properties of the SSL channel by forcing
clients to accept them. At this time, the default mode for auth_token clients is to allow
self signed-certificates. It is recommended that administrators obtain a certificate signed
by the appropriate authority and configure the ATS to use it and change the auth_token client
configuration to not accept invalid certificates to avoid this issue.
CASA Authenticatication Tokens when compromised can be used to either impersonate
a user or to obtain identity information about the user. Because of this it is
important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL.
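
Review bot: The first added paragraph tells administrators to "change the auth_token client configuration to not accept invalid certificates" but never names the setting or the file that controls it, so the recommendation cannot be acted on from this README alone; add the option name and where it lives, and the equivalent step for pointing the ATS (Tomcat) at the CA-signed certificate. The last paragraph recommends sending tokens over SSL, yet the text above states that the default client mode accepts self-signed certificates, so it is worth saying explicitly that the SSL recommendation only protects tokens once the client validates the server certificate. Spelling in the added lines: "scrip" should be "script", "self signed-certificates" should be "self-signed certificates", and "Authenticatication" should be "Authentication".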