> When CAS grant a ticket after a successful login, is the ticket signed with > a server x.509 cert?
There is no cryptographic signatures of any kind on the tickets. Although CAS and Kerberos are conceptually similar, ticket signing is a notable difference. CAS tickets are effectively shared secrets between the server and client; all validation happens on the server where the ticket is valid if the server has a record of it being granted to the client that presents it. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
