We should also mention the required response codes (I.e the endpoint is actually valid)
Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Marvin Addison <[email protected]> Date: Fri, 07 May 2010 07:51:48 To: <[email protected]> Subject: Re: [cas-dev] Incomplete Proxy CAS Walkthrough > It would probably also be good to emphasize that the request to the > proxy callback URL is only made if it is protected by SSL with a valid > certificate that the server can verify, including any necessary > certificate chain. +1 for briefly and explicitly stating the requirements mentioned in 2.5.4 of http://www.jasig.org/cas/protocol, which includes your point about certificate trust. Those requirements bite a _lot_ of folks, so mentioning them repeatedly would be helpful. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
