We would need logs to confirm this. The service should be doing an extract string match.
Cheers, Scott On Mon, Aug 11, 2014 at 12:40 PM, Chad Killingsworth < [email protected]> wrote: > I actually stumbled across similar behavior last week. In my case the CAS > Server issued a ticket for service: > > https://mydomain.com/path > > And the successfully validated the ticket against service: > > http://mydomain.com/path > > Even though both services had different configurations. > > Shouldn't this be a bug with the CAS Server? The server should refuse to > validate a ticket if the the validation service URL is not exactly equal to > the requesting service. > > This was observed against CAS Server version 3.5.2. > > Chad Killingsworth > Assistant Director of Web and New Media > Missouri State University > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
