Scott Battaglia wrote: > I believe we've answered multiple times that it is NOT recommended to > capture user credentials and submit them and then create a CAS session > for the user. CAS is the only thing that should be creating a CAS > session for the user. Its a security risk for anyone to have the TGT > other than the user and the CAS server. We go through great extends to > NOT allow it.
I second this! When reading questions about how to circumvent the CAS server for logins I always wonder why the hell people are using a SSO component at all. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
