> I don't think this is going to work. > >> pgtUrl=https://192.168.1.242:8443/test.html > > You'll need to identify 192.168.1.242 by a hostname that its SSL certificate > authenticates, so that when CAS attempts to itself do an HTTPS GET request to > that URL it is able to successfully validate the SSL certificate.
We may want to consider adding HostnameVerifier hooks to the proxy callback. While this particular use case isn't something we'd be interested in supporting, I can imagine that there could be valid needs for more flexible hostname verification techniques on SSL connections. For example, wildcard certificates that apply to subdomains is one that comes to mind. (JSSE by default only supports wildcards in the same domain scope.) M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
