REST + X509 authentication


Sla

May 28, 2018, 8:42:11 AM
to CAS Community
Hi,

I would like to use X509 authentication with the CAS REST API (as described here: https://apereo.github.io/cas/5.2.x/protocol/REST-Protocol.html). I'm surprised that there is a certificate parameter in the request, as I thought the certificate should be taken from the servlet container environment, as is done for the non-REST X509 authentication (https://apereo.github.io/cas/5.2.x/installation/X509-Authentication.html).

My tries show that the certificate that is passed in the REST request is accepted without any check of private key ownership.

How is this X509 REST authentication feature supposed to be used while avoiding trivial use of a certificate by a non-owner (am I missing something)?

Many thanks in advance for any help!
Best Regards

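Added example, not part of the original post and not CAS code: a certificate is public data, so presenting it proves nothing by itself; ownership is proven by a signature made with the matching private key over a value the verifier chose, which is what TLS client authentication does during the handshake. The names `newIdentity`, `provesPossession` and `demo`, the Ed25519 keys and the fixed nonce are assumptions constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newIdentity builds a constructed self-signed certificate (DER) and its private key.
func newIdentity(cn string) (ed25519.PrivateKey, []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return priv, der
}

// provesPossession reports whether sig is a valid signature over the verifier's
// nonce under the key in the presented certificate (chain checks are out of scope).
func provesPossession(certDER, nonce, sig []byte) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, nonce, sig)
}

// demo checks the key holder, then a party that only has a copy of the certificate.
func demo() (holder, copier bool) {
	owner, cert := newIdentity("alice")
	other, _ := newIdentity("mallory")          // knows alice's certificate, not her key
	nonce := []byte("constructed-server-nonce") // a real verifier uses a fresh random value
	holder = provesPossession(cert, nonce, ed25519.Sign(owner, nonce))
	copier = provesPossession(cert, nonce, ed25519.Sign(other, nonce))
	return holder, copier
}

func main() { fmt.Println(demo()) } // true false
```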