Thanks Could I add that maybe the wiki mentions something about the reasons behind good practise of SSL in services?
We've recently advised an external supplier to use a CAS client against our CAS server and they have pulled up up on the fact that "in fact on page 5 of the CAS protocol specification, the example service url paramter is http%3A%2F%2Fwww.service.com......." I myself only really thought about the issue after reading posts to the cas-user mailing list. :) Kind regards nomit -- View this message in context: http://n4.nabble.com/protecting-the-cas-service-ticket-from-man-in-the-middle-attacks-tp1561525p1565946.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
