Hi,

Thank you both for your feedback.

*@Marvin*: I'm certainly missing the point, but why can't we just import the certificate of the client application for an SSL check from the CAS server to the client application? To avoid, of course, the CAS server trusting all certificates certified by Verisign or another certification entity...

Thanks.
Best regards,
Jérôme

2013/9/5 Marvin S. Addison <marvin.addi...@gmail.com>

>> everyone has moved away from it on the SP side - I don't think the
>> back-channel port on our IdP has been used in over 6 months.
>
> I've not had the same experience.
>
>> Instead of validating a client cert, why not store a public key (or
>> certificate) for each registered service and encrypt the CAS protocol
>> response?
>
> In my experience key management is far more cumbersome than network
> configuration. Firewall changes are a one-time configuration change handled
> by the sysadmins or networking folks. Key management, on the other hand, is
> my problem. Then there's the key rotation issue; you rotate keys, right?
>
> M