Thanks for the quick response. I wish I had a choice about the http registrations. Change happens very slowly here. I have to do more testing. I've had inconsistent behavior when dealing with subdomains within the Princeton.edu space (*.cs.princeton.edu) and using the wildcard *.princeton.edu, which is what prompted me to ask the question in the first place. Thanks again.
-----Original Message----- From: Marvin Addison [mailto:[email protected]] Sent: Monday, March 23, 2009 10:02 AM To: [email protected] Subject: Re: [cas-user] Quick question regarding CAS service registry wildcards If you want all http/https services in the priceton.edu domain, the following two entries should suffice: http://*.princeton.edu/** https://*.princeton.edu/** We use a similar strategy here at Virginia Tech to register everything in the vt.edu namespace and it works well. I would note, however, that we do _not_ allow services that run over plaintext http. The CAS documentation states that ticket delivery/validation MUST happen over a secure channel, and it is only those steps that apply to service validation. So you may want to reconsider your http registrations. (Note that this does not preclude using the application over plain http after the authentication step.) M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
smime.p7s
Description: S/MIME cryptographic signature
