Can we pull out what we did for the client into its on lib and use it in both?
On Tue, Dec 20, 2011 at 9:18 AM, Marvin Addison <[email protected]>wrote: > > I don't think this is going to work. > > > >> pgtUrl=https://192.168.1.242:8443/test.html > > > > You'll need to identify 192.168.1.242 by a hostname that its SSL > certificate authenticates, so that when CAS attempts to itself do an HTTPS > GET request to that URL it is able to successfully validate the SSL > certificate. > > We may want to consider adding HostnameVerifier hooks to the proxy > callback. While this particular use case isn't something we'd be > interested in supporting, I can imagine that there could be valid > needs for more flexible hostname verification techniques on SSL > connections. For example, wildcard certificates that apply to > subdomains is one that comes to mind. (JSSE by default only supports > wildcards in the same domain scope.) > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
