ProxyTicket Timeout period

Scott Battaglia scott.battaglia at gmail.com
Wed Mar 14 23:12:39 EDT 2007 

Luke,

The timeout is customizable.  I don't remember what we set it to exactly (it
may be 5 minutes, I'd have to look again...I kind of just guessed 90 ;-)).

Glad you found a way to get it to work.

-Scott

On 3/14/07, Luke McLean <luke.mclean at boundless.co.nz> wrote:
>
>
> Hi Scott,
>
> I think that the penny has finally dropped for me.  As Flex is a client
> side
> application I am going to have to pass the actual PGT to it rather than
> the
> PGTIOU.  I can then move the method for getProxyTicket to Actionscript in
> the client rather than the ProxyTicketReceptor.getProxyTicket() method on
> the server.
>
> Once I have the real PGT in the clientside I can then connect via https
> with
> the CAS server to retrieve a PT prior to each call to the WebService.  As
> I
> am using Mule ESB I will then construct an Interceptor to handle the
> security checks (i.e. to ensure that the proxy in list is correct, and
> secondly to retrieve the user details that will then be passed to each
> WebService).
>
> I have done some experiments with the PT timeout and I can still use the
> PT
> (remains vaid) for a lot longer than 90 seconds...
>
> Thanks,
> Luke.
>
>
> Scott Battaglia-2 wrote:
> >
> > Hi,
> >
> > On 3/13/07, Luke McLean <luke.mclean at boundless.co.nz> wrote:
> >> My questions.
> >>
> >> 1) If a ProxyTicket is not used immediately to query a backend
> >> WebService,
> >> how long before it expires? i.e. the proxy ticket is stored on the
> client
> >> until used, which could be for some time.
> >
> >
> > The default timeout I believe is 90 seconds (its the same as the timeout
> > for
> > Service Tickets).  Its adjustable.  Why don't you just ask for a proxy
> > ticket right before its needed though?
> >
> > 2) Is it intended that a new ProxyTicket be created prior to each
> request
> > to
> >> a backend service?
> >
> >
> > Depending on the backend service, they may support sessions (or they may
> > not).  If they are stateless then you would need a proxy ticket per
> > request.  Otherwise, you could use whatever session mechanism the
> backend
> > has.  Each Proxy Ticket is only designed to be used once though.
> >
> > -Scott
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/ProxyTicket-Timeout-period-tf3398852.html#a9483292
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070314/51610f6b/attachment.html

More information about the cas mailing list