Hi,

I would like to use X509 authentication with the CAS REST API (as described 
here: https://apereo.github.io/cas/5.2.x/protocol/REST-Protocol.html). I'm 
surprised that there is a certificate parameter in the request, as I 
thought the certificate should be taken from the servlet container 
environment, as is done for the non-REST X509 authentication 
(https://apereo.github.io/cas/5.2.x/installation/X509-Authentication.html).

My attempts show that the certificate that is passed in the REST request is 
accepted without a check of private key ownership.

How is this X509 REST authentication feature supposed to be used while avoiding 
trivial use of a certificate by a non-owner (am I missing something)?

Many thanks in advance for any help!
Best regards
