> I actually stumbled across similar behavior last week. In my case the CAS > Server issued a ticket for service: > https://mydomain.com/path > > And the successfully validated the ticket against service: > http://mydomain.com/path
That's unlikely related to the client security vulnerability. We would need logs from the server and possibly client(s) to say for certain. I would appreciate your starting a separate thread to discuss further. Thanks, M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user