> Hum.. then I guess I'm confusing CAS tickets with SAML tokens.
AFAIK, SAML artifact handles are not encrypted or signed. They're
simply cryptographically strong random identifiers. SAML messages, on
the other hand, can be either signed or encrypted. It's important to
note that the CAS server
-Original Message-
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Tuesday, May 25, 2010 11:03 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] cas tickets x.509
> When CAS grant a ticket after a successful login, is the ticket signed
with
> a server x.50
> When CAS grant a ticket after a successful login, is the ticket signed with
> a server x.509 cert?
There is no cryptographic signatures of any kind on the tickets.
Although CAS and Kerberos are conceptually similar, ticket signing is
a notable difference. CAS tickets are effectively shared secr
I'm not sure how to ask this question, so here it goes anyway
When CAS grant a ticket after a successful login, is the ticket signed
with a server x.509 cert?
If so, does it use the default tomcat cert used for SSL, or did I miss
something in the configuration?
Does it encrypt the ti
