Hi,

I'm probably just missing something here, but I have a question regarding the standard configuration of the 3.3 CAS server. Using the standard configuration, what stops the following from happening:

1. I have a site which I know is visited by lots of students from a university that uses CAS.
2. I install a CAS filter on my own site using the university's CAS server in gateway mode, which takes everyone to the CAS server and back transparently.
3. The students that are logged in will bring back a ticket to my site, so for every logged-in student I get a ticket.
4. I take the ticket and paste it into the URL of a real university site which uses CAS.
5. That site sends the ticket to the CAS server and I am logged in as the student I stole the ticket from.

I am sure some aspect of CAS stops the above from happening, but which aspect is it? Does the standard configuration need to be changed in order to prevent the above scenario?

Best Regards
Gabriel Falkenberg

_______________________________________________
Yale CAS mailing list
http://tp.its.yale.edu/mailman/listinfo/cas
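The scenario in steps 1 to 5, modelled as an added example that is not part of the original post and is not CAS source code. It assumes the CAS protocol specification's rules that a service ticket validates only for the service URL it was issued for and is consumed by its first validation attempt; `ToyCasServer`, the user name and both URLs are constructed for illustration.

```python
# Toy model of CAS service-ticket handling (illustrative; not CAS server code).
import secrets

OUTSIDE_SITE = "https://forum.example.org/"          # constructed URL
UNIVERSITY_APP = "https://portal.university.example/"  # constructed URL


class ToyCasServer:
    def __init__(self):
        self._tickets = {}  # ticket -> (user, service URL it was issued for)

    def issue_ticket(self, user, service):
        """Login or gateway redirect: mint a ticket bound to the requesting service."""
        ticket = "ST-" + secrets.token_hex(8)
        self._tickets[ticket] = (user, service)
        return ticket

    def service_validate(self, ticket, service):
        """Model of /serviceValidate; returns (ok, user_or_error_code)."""
        # pop(): the first validation attempt consumes the ticket, pass or fail.
        record = self._tickets.pop(ticket, None)
        if record is None:
            return (False, "INVALID_TICKET")
        user, issued_for = record
        if service != issued_for:
            return (False, "INVALID_SERVICE")
        return (True, user)


def replay_scenario():
    cas = ToyCasServer()
    # Steps 2-3: the gateway redirect yields a ticket issued for the outside site.
    ticket = cas.issue_ticket("student1", OUTSIDE_SITE)
    # Steps 4-5: the university application validates the pasted ticket and
    # sends its own URL as the service parameter, so the binding check fails.
    first = cas.service_validate(ticket, UNIVERSITY_APP)
    # The failed attempt also consumed the ticket.
    second = cas.service_validate(ticket, OUTSIDE_SITE)
    return first, second


def normal_login():
    cas = ToyCasServer()
    ticket = cas.issue_ticket("student1", UNIVERSITY_APP)
    # A ticket issued for the application validates once, then is gone.
    return (cas.service_validate(ticket, UNIVERSITY_APP),
            cas.service_validate(ticket, UNIVERSITY_APP))
```
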
