I would like to use X509 authentication with CAS REST API (as described 
here: https://apereo.github.io/cas/5.2.x/protocol/REST-Protocol.html). I'm 
surprised that there is a certificate parameter to the request, as I 
thought the certificate should be taken from the servlet container 
environment, as it's done for the non REST X509 authentication 

My tries show that the certificate that is passed in the REST request is 
accepted without private key owning check.

How this X509 REST authentication feature is supposed to be used, avoiding 
trivial non owner certificate use (am I missing something) ?

Many thanks in advance for any help !
Best Regards

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 

Reply via email to