Mehdi Sarmadi wrote: > Thanks Michael Ströder. > > I meant about using certificates instead of token/tickets. For > example, I think Microsoft Active Directory uses such things in > combination with Kerberos. > > How about this scenario? Does CAS support/do such things?
If you decide to use SPNEGO/Kerberos the pre-authc can be done with PKINIT and e.g. smartcards. You can also directly use SSL with client cert authc: http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates Both does not affect how CAS clients are validating CAS service tickets. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
