I have CAS server that uses x509 authentication. Standalone, with the tomcat connector clientAuth="true" it works fine. However, when I add a client to the mix (In this case Blackboard, but other clients have the same problem) everything works fine, except when the client goes to CAS to validate a service ticket, I get a SSL bad_cert exception. This makes sense to me as the client does not have a cert that tomcat is requiring with clientCert="true"
However, when I change that to clientAuth="want" CAS is failing because no certificate is being presented. I see this in the logs, i get: 2014-08-18 16:52:14,846 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Certificate found in request.> Why is the cert not being presented to CAS with clientAuth="want" even though it is there? IS there a way to force certificate presentation for the login, but allow the client to simply check the service ticket? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
