Thanks Michael Ströder. I meant about using certificates instead of token/tickets. For example, I think Microsoft Active Directory uses such things in combination with Kerberos.
How about this scenario? Does CAS support/do such things? On Tue, Nov 18, 2008 at 1:57 PM, Michael Ströder <[EMAIL PROTECTED]> wrote: > > Mehdi Sarmadi wrote: > > I'm wondering if a Certificate Authority Server has a role in CAS or > > other SSO solutions architecture? > > Normally a CA signs the server certs needed for deploying HTTP over SSL. > > > Is it essential or best practice to have Certificate Authority Service > > inside the architecture or better and enough just to have SSO and SSL > > certificates signed by public providers like Verisign? > > Your SSL server certs can be signed by any CA. But the root CA's cert > has to be installed as trust anchor in each CAS-ified application (CAS > client) and the web browsers of the end users. > > Ciao, Michael. > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Mehdi Sarmadi _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
