> I have been checking around the CAS documentation, but I am not finding
> anything dealing with Certificate Revocation Lists.  Does CAS support the
> ability to utilize CRLs?

Yes. I developed support for CRL checking a while back, but have
neglected to document it. There's a lot to consider in terms of system
configuration that balances security and availability, but it's
straightforward to get started. The sample deployerConfigContext.xml
that ships with the X.509 provides an example:

https://github.com/Jasig/cas/blob/master/cas-server-support-x509/src/main/resources/deployerConfigContext.xml

Please review and let me know if you have questions. At present, the
components can only fetch CRL data over HTTP/HTTPS, but there is an
open issue to support CRL data stored in an LDAP directory,
https://issues.jasig.org/browse/CAS-985. Let me know if you need
support for LDAP.

M
