> What do you think about putting my server in front of Internet? I used to put > my webserver behind my ISA Server and in this case, I have problem to put the > same certificat on ISA Server and Tomcat.
If you're asking whether Microsoft ISA server adds any security value to your CAS deployment, then I would say that it may add some security in depth to the solution; for example it could be a place to add heuristics to detect attack vectors that cannot be mitigated directly in Java, Tomcat, or other network accessible software components. As for the degree of value, I don't know enough about ISA server to say. If you're asking whether the CAS server should be accessible on the public Internet, then I think that's a question only you could answer based on the project requirements. M -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
