Your proxyCallbackUrl approach?
Scott Battaglia
scott.battaglia at gmail.com
Fri Aug 10 12:24:07 EDT 2007
Tom,
It should be safe to store them in some form of storage, whether its
database or memory as long as its secure and trusted. The method is
specific to the CAS client.
For example, a PL/SQL client may have to store it in a database to make it
accessible. On the other hand, a Java client could store everything in a
static in-memory hashmap.
-Scott
On 8/8/07, Tom O'Brien <tomo at berkeley.edu> wrote:
>
> Hi folks,
>
> I'm just getting started with the CAS proxy approach and was
> wondering if folks had preferences about whether to set the
> pgtIou/pgtId pair as application variables that the proxying app can
> access directly (I'm currently using my calling app as the
> proxyCallbackURL as well), or whether the proxyCallbackUrl should
> store these in a db for lookup by the proxying app. Is the former
> dangerous (it seems like an SSL proxying app shouldn't need this step
> if it can get the pair itself via the indirect method?) or is there
> something else I should consider?
>
> Thanks!
>
> Tomo
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070810/e4796b87/attachment.html
More information about the cas
mailing list