CAS ask me for authentication evey time
Scott Battaglia
scott_battaglia at rutgers.edu
Thu Jul 6 11:27:31 EDT 2006
Andrew Petro wrote:
>> I’ve changed this parameter (from value 1 to value 1000)
>> in the serviceTicketExpirationPolicy bean:
>>
>
> <!-- This argument is the number of times that a
> ticket can be used before its considered expired. -->
> <constructor-arg index="0" value="1000" />
>
> I don't think you wanted to do that. I've forgotten why this is
> configurable, why you'd ever want a service ticket to be multiply usable.
> Service tickets are a quick transactional authentication token whereby you
> bootstrap general CAS SSO authentication to a specific authenticated session
> with your web application. Your web application should then manage its own
> authenticated session and not require that particular service ticket to be
> multiply validatable.
>
Service Tickets like any other Ticket take an "ExpirationPolicy", which
determines when they are to be considered expired or not. The policy
used for expiration in CAS2 was generalized for CAS 3 into a "Timeout or
Number of Uses policy" (there are also other implementations of the
ExpirationPolicy interface or you could use this policy for TGTs). The
default values are the same as they were for CAS2. However, they are
customizable because of the generalization of the policy (most people
would probably only customize the timeout and not the number of uses).
-Scott
More information about the cas
mailing list