Hi All, I have a question regarding the security of the TGT cookie in CAS. For CAS communications we are using https. All redirects using post instead of get. I can see CAS client is doing a tampering validation with the service ticket. But if somehow i can obtain a TGT cookie(its not encrypted) from database(we are using JPATicketRegistry), when first request goes to CAS with gateway=true I can use tamper data and edit cookie to include CASTGC=TGT-432-sGScVyV7TfwaLWeDpCmEdim2twNCmPtB0bsrdfzi4ZavvwZTgA-cas in the Header so that CAS will correctly validate in and login.is there any way to prevent hacking of tickets other than restricting acess for the tables from DB side. Is there any encryption possible by configuration in CAS. Regards Hari
-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
