I would like to use X509 authentication with CAS REST API (as described
here: https://apereo.github.io/cas/5.2.x/protocol/REST-Protocol.html). I'm
surprised that there is a certificate parameter to the request, as I
thought the certificate should be taken from the servlet container
environment, as it's done for the non REST X509 authentication
My tries show that the certificate that is passed in the REST request is
accepted without private key owning check.
How this X509 REST authentication feature is supposed to be used, avoiding
trivial non owner certificate use (am I missing something) ?
Many thanks in advance for any help !
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
You received this message because you are subscribed to the Google Groups "CAS
To unsubscribe from this group and stop receiving emails from it, send an email
To view this discussion on the web visit