[cas-dev] Request for modification of online installation guide re TGT session cookie and SSL
Wulf, Konrad
konrad.wulf at businessmart.de
Mon Apr 16 08:39:15 EDT 2007
Dear Scott, dear others of the CAS development team,
We have made the following observation that the mechanism for picking up
a new service ticket when already logged into CAS while switching to
another service will _only_ work when SSL is enabled, since the TGT
session cookie is a secure one, requiring an active SSL connection.
In your guide "installing CAS" in section "Working with CAS" and section
"Demo-ing CAS"
(http://www.ja-sig.org/products/cas/server/installing/index.html), you
are giving the impression that SSL is optional for development systems.
But it is _not_ if you want a fully functional system. Perhaps you can
rewrite that section of the installation guide accordingly?
cheers,
Konrad
P.S.: Thanks for providing with CAS such a handy and useful software ;-)
More information about the cas-dev
mailing list