CAS session expiration

[Scott Battaglia]

Paul,

This is easily changed!  By default (if I recall correctly), the timeout is
6 hours.  In our WEB-INF/applicationContext.xml, there should be
ticketGrantingTicketExpirationPolicy defined where you can specify the exact
length of time.

-Scott

On 7/3/07, Paul Ortman <portman at goshen.edu> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I feel as though this question is really basic, but for some reason,
> I can't seem to find answers (maybe my Googlefoo is just weak...).
>
> Is there some configuration setting in the CAS service where I can
> specify the equivalent of:
>
>   "Once users authenticate, they will have SSO capabilities for a
>   maximum of X minutes before they will be forced to reauthenticate
>   to CAS."
>
> I would love to force that expiration timeout to be 9 hours so that
> at least if some user leaves their browser open over night, and they
> try to go to some CAS enabled site, they would need to
> reauthenticate.  I don't like the idea that an open browser can
> provide unlimited CAS logins to all of our apps accidentally.
> Obviously individual applications would also need to expire their
> sessions, but for our important in-house applications, we've already
> done this, but this is currently being defeated by CAS.
>
> Thanks in advance for the two-by-clue tapping I'm sure to receive.
>
> - --
> Paul Ortman
>
> PGP Key: 55602C81
> - --
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGikKvfw8KGlVgLIERArYDAKCT85mn3UzxsL/EKXzZoTkfSq5oqwCdFkTv
> hdqbE+PncrxwREEYSGUDQVE=
> =Ylry
> -----END PGP SIGNATURE-----
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070703/ce1adbce/attachment.html