Hello all,
From what I understand, a certificate
is treated as valid if current time (when checking) is between
certificate's creation and expiration time. So if a revoked
certificate has not expired yet, is considered valid and access is
granted, when using X509 authentication. Is there any way to prevent
users from logging into CAS when presenting revoked certificates?
Thanks,
Pavlos
(Server Configuration: CAS 3.2.1,
Tomcat 6.0.14 with APR support)
_______________________________________________
cas-dev mailing list
cas-dev@...
http://tp.its.yale.edu/mailman/listinfo/cas-dev
