I actually stumbled across similar behavior last week. In my case the CAS Server issued a ticket for service:
https://mydomain.com/path And the successfully validated the ticket against service: http://mydomain.com/path Even though both services had different configurations. Shouldn't this be a bug with the CAS Server? The server should refuse to validate a ticket if the the validation service URL is not exactly equal to the requesting service. This was observed against CAS Server version 3.5.2. Chad Killingsworth Assistant Director of Web and New Media Missouri State University -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user