Mike,
That smells like a bug to me. SAML allows for any valid URI, which that
clearly is, and I've seen much worse registered and used successfully with
SAMLtest.
docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
So, I think your theory is correct.
Take care,
Nate
On Thu,
> The only back end ticket storage I implemented that is sharable across nodes
> is the CouchDB implementation. I have theorized that you could use something
> like "BigCouch" to scale up the application state in this case.
I bet you could. I don’t think it needs to be normative because
Howard,
> All the client does is to know its own name, and the CAS server does the rest.
> it sort of didn’t matter how many hands the message passed through on its way
> to the intended destination.
Yes, that’s a key difference. CAS works more like SAML artifacts or OAuth.
Are the
All,
Is there something in the CAS protocol to prevent a client from taking a
ticket issued to a user for them and then playing that ticket to another
service? Analogous to Audience in SAML land.
Thanks in advance,
Nate.