Allow the callback endpoint URL the option to specify a socket factory/hostname verifier

Description

Allowing a custom factory on the outbound URL allows validation of HTTPS/SSL to be skipped through a custom TrustManager implementation. While the HTTP-based handle allows for non-secure URLs, this setting is still useful for development and testing and in cases where CAS clients "require" HTTPS callbacks for proxy authentication. A custom SSL factory allows the option of, in this scenario, skipping keys and certs between the server and the respective client.

Alternatively, this may be achieved by a custom servlet listener that adjusts the SSL factory for all instances of Https URLx, but that would be a global change and not without side effects.

In addition to the socket factory option, allowing a hostname verifier would also be relevant, much like the way the current Java CAS client does.
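
A sketch of the per-connection approach requested above, as an added example that is not code from the ticket or from CAS. The class name `CallbackConnectionFactory` and its methods are hypothetical, the callback URL is assumed to be `http` or `https`, and the factory shown trusts a dedicated truststore (for example a development CA) rather than skipping validation.

```java
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper (not a CAS class): TLS settings scoped to the callback connection. */
public final class CallbackConnectionFactory {
    private final SSLSocketFactory socketFactory;    // null keeps the JVM default
    private final HostnameVerifier hostnameVerifier; // null keeps the JVM default

    public CallbackConnectionFactory(SSLSocketFactory socketFactory, HostnameVerifier hostnameVerifier) {
        this.socketFactory = socketFactory;
        this.hostnameVerifier = hostnameVerifier;
    }

    /** Builds a factory that trusts only the certificates in the given truststore file. */
    public static SSLSocketFactory fromTrustStore(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    /** Opens the callback URL; plain-HTTP URLs are returned untouched. */
    public HttpURLConnection open(URL callbackUrl) throws java.io.IOException {
        HttpURLConnection connection = (HttpURLConnection) callbackUrl.openConnection();
        if (connection instanceof HttpsURLConnection) {
            HttpsURLConnection https = (HttpsURLConnection) connection;
            // Instance setters affect this connection only, unlike the static
            // HttpsURLConnection.setDefaultSSLSocketFactory / setDefaultHostnameVerifier,
            // which change every HTTPS connection in the JVM.
            if (socketFactory != null) https.setSSLSocketFactory(socketFactory);
            if (hostnameVerifier != null) https.setHostnameVerifier(hostnameVerifier);
        }
        return connection;
    }
}
```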

Environment

None

Status

Assignee

Misagh Moayyed

Reporter

Misagh Moayyed

Labels

None

Estimated End Date

None

Audience

None

Components

Fix versions

Affects versions

3.5.1
3.5.0

Priority

Major