Tom, It should be safe to store them in some form of storage, whether its database or memory as long as its secure and trusted. The method is specific to the CAS client.
For example, a PL/SQL client may have to store it in a database to make it accessible. On the other hand, a Java client could store everything in a static in-memory hashmap. -Scott On 8/8/07, Tom O'Brien <[EMAIL PROTECTED]> wrote: > > Hi folks, > > I'm just getting started with the CAS proxy approach and was > wondering if folks had preferences about whether to set the > pgtIou/pgtId pair as application variables that the proxying app can > access directly (I'm currently using my calling app as the > proxyCallbackURL as well), or whether the proxyCallbackUrl should > store these in a db for lookup by the proxying app. Is the former > dangerous (it seems like an SSL proxying app shouldn't need this step > if it can get the pair itself via the indirect method?) or is there > something else I should consider? > > Thanks! > > Tomo > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
