• I manage CAS at our institution, and one of my colleagues who runs wordpress asked me to look at this CAS client. Browsing through the code, I see:

    if (method_exists($phpCas,’setNoCasServerValidation’))
    phpCAS::setNoCasServerValidation();

    which appears to disable SSL certificate validation for the CAS server??? Am I misunderstanding something? This plugin is described as “One of the most secure CAS plugins for WordPress”, I’d hate to see how insecure the other ones are then 8-/.

    https://www.ads-software.com/plugins/cas-maestro/

  • The topic ‘CAS SSL cert validation disabled by default??’ is closed to new replies.