Reputation: 11
I have a CAS (Central Authentication Service) integrated web application. The default implementation of the CAS webapp login (/cas/login) is not enforced with an HSTS policy (Strict-Transport-Security). Except for a custom authentication handler, everything else is the default implementation being used in the project. So the question that I have is where to set the HSTS header in the response.
Please do help me in this regard. Thanks :)
Upvotes: 0
Views: 283
Reputation: 4318
You don't mention what version of CAS [which is something very useful], but in general HSTS is supported by CAS automatically, provided you turn on settings that allow it to do so. Post back your version and I'll provide a link to the docs.
The job is handled via https://github.com/apereo/cas-server-security-filter internally.
Upvotes: 0
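To confirm that /cas/login actually returns a usable policy once HSTS is switched on, the response headers can be checked against the RFC 6797 parsing rules. The checker below is an added example, not part of either post and not CAS code; the function names, the 180-day minimum and the sample headers are assumptions made for the illustration.

```python
import re

# RFC 6797 section 6.1: directives are separated by ";", names are case-insensitive,
# values are tokens or quoted strings. Names are limited here to letters, digits
# and "-", a simplification of the RFC token rule.
_DIRECTIVE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?:=\s*("[^"]*"|[^\s;"]+))?\s*$')

def parse_hsts(value):
    """Return the parsed policy, or None when the header must be ignored as malformed."""
    seen = {}
    for part in value.split(";"):
        if not part.strip():
            continue                      # empty directives are permitted
        m = _DIRECTIVE.match(part)
        if not m or m.group(1).lower() in seen:
            return None                   # bad syntax, or a directive given twice
        seen[m.group(1).lower()] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                       # max-age is required and must be digits
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit_login_response(scheme, headers, min_age=15552000):
    """headers: (name, value) pairs as received. min_age (180 days) is an assumed threshold."""
    if scheme != "https":
        return ["HSTS is only honoured over HTTPS; check the https:// URL"]
    sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not sts:
        return ["Strict-Transport-Security header missing"]
    findings = ["multiple HSTS headers; only the first is processed"] if len(sts) > 1 else []
    policy = parse_hsts(sts[0])
    if policy is None:
        return findings + ["HSTS header malformed; browsers ignore it"]
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max_age"] < min_age:
        findings.append("max-age below %d seconds" % min_age)
    return findings

# Constructed sample headers for a /cas/login response (not captured from a real server).
SAMPLE_DEFAULT = [("Content-Type", "text/html"), ("Cache-Control", "no-store")]
SAMPLE_ENABLED = SAMPLE_DEFAULT + [("Strict-Transport-Security",
                                    "max-age=15768000 ; includeSubDomains")]
```

An empty list from `audit_login_response` means the first Strict-Transport-Security header on the HTTPS response parsed cleanly and meets the chosen minimum age.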