Hi, We've been trying to implement EAP-TTLS RADIUS authentication in CAS. Although the process works using the JRadius Extended API (which exposes the EAPTTLSAuthenticator), we've discovered a problem inside CAS.
According to the relevant RFCs, each request needs to reestablish a tunnel. I've had a word with David Bird from Coova (who maintains JRadius) and he has confirmed that every request should start a new instance of the EAPTTLSAuthenticator. I have not checked the RFCs for PAP authentication (which is the default for RADIUS support in CAS), but I suspect that CAS needs to release and then recreate the authenticator. How do we do this? :-) With Regards Stefan -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
