> Oh interesting. When is it appropriate/not necessary to use the > proxyCallbackUrl?
It's necessary and appropriate only in the case where you want your CAS client to authenticate other services on the user's behalf -- this is the CAS proxy feature. > I thought that was how your client apps knew the ticket is valid. The client knows the ticket is valid by sending a message to the server. In the proxy case, the server additionally sends a message to the client at the callback URL. There are few requirements for the proxy URL to validate correctly: - Must be https scheme - The cert on the client must be trusted by the server - Client must return a 200 HTTP response It is entirely possible for a proxying CAS client to authenticate properly (validate its service ticket) and fail proxy ticket validation (fail to get PGTIOU). M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
