> My team has implemented CAS 3.5.1. We have a requirement to enable PKI > functions for our web application authentication (logon process). > 1. Does CAS 3.5.1 support X.509 certificate authentication? If so, I’m > seeking documentation other than from here: > http://jasig.github.io/cas/4.1.x/installation/X509-Authentication.html > .....or > <http://jasig.github.io/cas/4.1.x/installation/X509-Authentication.html%20.....or> > is this documentation backward compatible with 3.5.1?
Yes. Generally, you want to try with the following: https://wiki.jasig.org/display/CASUM/X.509+Certificates <https://wiki.jasig.org/display/CASUM/X.509+Certificates> Though I imagine most of what’s available for 4.1 is applicable to 3.5.x > 2. Regarding the documentation link above, I’m curious if CRL Fetching > Configuration can be setup to utilize OCSP? (anticipating token issued from > CA, includes an OCSP responder URL found in X.509 AIA extension OID). If you can write a fetcher that does OCSP, sure. By default, there is no support for that kind of thing. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user