On 07/02/2015 14:43, Jorj Bauer wrote:
>>> So yes, it was clearly intentional; and it looks like it should also be
>>> handling quotes properly. Can you send me a config file that's being
>>> improperly parsed?
>>
>> We could but it would make little sense to you since the requirement for
>> the
Let me clarify that I'm not saying CAS is deficient or that the extra
stuff done by cosign is strictly necessary. I'm just saying why cosign
does some of the things the way it does; there are, of course, other
ways to do things.
On 2015-02-07 11:35, Tom Boutell wrote:
>> In addition to the c
Thanks for the thoughtful response.
> The risk isn't with redirects, it's when the client web server contacts
> the central weblogin server to verify the service cookie (ticket, in CAS
> parlance, if I understand things correctly). CAS does this verification
> via HTTPS, so that the client web se
>> So yes, it was clearly intentional; and it looks like it should also be
>> handling quotes properly. Can you send me a config file that's being
>> improperly parsed?
>
> We could but it would make little sense to you since the requirement for
> the parsing of quoted strings is a result of lo
