> I am sure the certificate is trusted. I mention certificate trust because it's probably the most common cause of proxy callback errors we see on the list. Despite your surety, I would recommend you conduct and SSL trace on the server side if you continue to have problems.
> Does the proxy callback URL must be under the same domain with CAS Server? No > And does it must be access by https protocal too? Yes > What's the main purpose of the proxy callback URL? It's a way to verify that the client is someone the CAS server trusts. There's nothing other than an HTTPS URL in the proxy request, so PKI trust is the best you can do in general. Some sort of trust verification must be performed because the CAS server is delegating authentication to a third party (the requesting service), which should not be taken lightly. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
