The mod_auth_cas will validate the CAS server's certificate if "CASValidateServer On" is set in the cas.conf file. The java filters don't seem to have this feature.
Because of this I believe that setting "CASValidateServer Off" is not really a "bad thing". I am still having trouble getting my mod_auth_cas installation to work if "CASValidateServer On" is set. I am currently getting this error in my apache error_log file: [Wed Aug 25 10:04:25 2010] [error] [client 128.110.140.67] MOD_AUTH_CAS: Certificate CN does not match xxx.utah.edu I have set "CASAllowWildcardCert On" in the cas.conf file. The CN on my CAS server certificate is *.utah.edu. Any thoughts? Cheers, Bryan Wooten [email protected] Work: 801.585.9323 Cell: 801.414.3593 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
