Ok Marvin, i will do some tests. Thanks for your help. On Fri, May 21, 2010 at 3:25 PM, Marvin Addison <[email protected]>wrote:
> > I didn't create a cert in the computer with the client application and > added > > that computer to the trust store of the computer with > > cas server. Do i need to do that? > > Yes. The CAS _server_ makes an SSL connection to the client to > deliver the SAML LogoutRequest message, so the server needs to trust > the client for the connection to succeed. While adding the exact > certs to the system trust store will work, it will be much more work > over time. It's much easier to add the issuer certs if possible -- > those typically have lifetimes of 10 years or more, while server certs > typically expire every 1-2 years. If this is all proof-of-concept > work, then dealing with the server certs is reasonable. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
