cas version: v5.3.16
cas-server-support-token-core / JWTTokenTicketBuilder[1] use cas-client TicketValidator to validate service ticket, which issue an http request to the server itself. That's not good, there is a performance impact. I think it'll be better if server validate the service ticket locally, not http request to itself. [1]: https://github.com/apereo/cas/blob/v5.3.16/support/cas-server-support-token-core/src/main/java/org/apereo/cas/token/JWTTokenTicketBuilder.java -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7d3da75b-0a83-42b6-806c-fcef84a4358fn%40apereo.org.
