Does a CA has any role in CAS architecture?
Michael Ströder
michael at stroeder.com
Tue Nov 18 07:10:46 EST 2008
Mehdi Sarmadi wrote:
> Thanks Michael Ströder.
>
> I meant about using certificates instead of token/tickets. For
> example, I think Microsoft Active Directory uses such things in
> combination with Kerberos.
>
> How about this scenario? Does CAS support/do such things?
If you decide to use SPNEGO/Kerberos the pre-authc can be done with
PKINIT and e.g. smartcards.
You can also directly use SSL with client cert authc:
http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates
Both does not affect how CAS clients are validating CAS service tickets.
Ciao, Michael.
More information about the cas
mailing list