> I didn't create a cert in the computer with the client application and added > that computer to the trust store of the computer with > cas server. Do i need to do that?
Yes. The CAS _server_ makes an SSL connection to the client to deliver the SAML LogoutRequest message, so the server needs to trust the client for the connection to succeed. While adding the exact certs to the system trust store will work, it will be much more work over time. It's much easier to add the issuer certs if possible -- those typically have lifetimes of 10 years or more, while server certs typically expire every 1-2 years. If this is all proof-of-concept work, then dealing with the server certs is reasonable. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
