Restricting SPNEGO to certain ip networks
21 views
Skip to first unread message
Antti Sirviö
Sep 7, 2017, 2:41:58 PM9/7/17
to cas-...@apereo.org
Hi,
I'm running CAS 5.1.2 with SPNEGO configured, now I want to restrict SPNEGO behaviour to certain ip networks on, and provide normal authentication form to others. I tried with following config entry to match 192.168.1.0 - 192.168.99.255:
cas.authn.spnego.ipsToCheckPattern=192\.168\.[1-9][0-9]?\.+
But it seems that SPNEGO is still offered for clients outside that regexp range. What I'm missing, is this right way to establish wanted behaviour?
Br,
Antti
Bergner, Arnold
Sep 8, 2017, 2:42:59 AM9/8/17
to cas-...@apereo.org
Hi,
I don't know about SPNEGO, but it seems you're matching multiple dots at the end. Maybe add another dot to match IP addresses?
Also, I've been successful with round brackets in other places. Maybe try this:
192\.168\.(1-9)(0-9)?\..+
Regards Arnold
-----Ursprüngliche Nachricht-----
Von: cas-...@apereo.org [mailto:cas-...@apereo.org] Im Auftrag von Antti Sirviö
Gesendet: Donnerstag, 7. September 2017 20:42
An: cas-...@apereo.org
Betreff: [cas-user] Restricting SPNEGO to certain ip networks
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1504809719265.5860%40lut.fi.
I don't know about SPNEGO, but it seems you're matching multiple dots at the end. Maybe add another dot to match IP addresses?
Also, I've been successful with round brackets in other places. Maybe try this:
192\.168\.(1-9)(0-9)?\..+
Regards Arnold
-----Ursprüngliche Nachricht-----
Von: cas-...@apereo.org [mailto:cas-...@apereo.org] Im Auftrag von Antti Sirviö
Gesendet: Donnerstag, 7. September 2017 20:42
An: cas-...@apereo.org
Betreff: [cas-user] Restricting SPNEGO to certain ip networks
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1504809719265.5860%40lut.fi.
Reply all
Reply to author
Forward
0 new messages