> I can also add a > validation code with the request and change the Trusted Authentication > Handler to check the Validation code. Let me know if we can do that.
You'll likely have to write your own authentication handler to implement that kind of functionality, but it ought to be straightforward. Just make sure your "validation code," which is an implementation of a shared secret, is cryptographically strong. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
