How is idle timeout supposed to work

Troy Bull troy.bull at gmail.com
Fri Jul 11 15:11:07 EDT 2008


On Fri, Jul 11, 2008 at 9:06 AM, Manfred Duchrow
<manfred.duchrow at md-cs.de> wrote:
> We are using CAS Server 3.2.1.
> We want users to be forced to re-login if they didn't work with any of their
> applications in their CAS protected SSO domain for let's say about an hour.
>
> How can that be achieved?
> As we found out the following defines an absolute timeout:
>
> <bean id="grantingTicketExpirationPolicy"
>      class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
>  <constructor-arg index="0" value="7200000" />
> </bean>
>
> It forces a user to re-login after 2 hours whether he was working with the
> protected applications or not.
>

How I did it (probably the wrong way) was I exposed an additional
endpoint for CAS called retime that resets the timeout on the TGT and
nothing else.  Then I set CAS to be the timeout I actually want, and I
put a 1-line ajax call in our site header that hits that newly exposed
endpoint and thus resets the timeout on the TGT.  You could also do
this by requesting new service tickets each request and throwing them
away.

Thanks
Troy
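
The following Java model is an added example, not code from this thread or from CAS. It shows how a TGT behaves when activity (a "retime" hit or a throwaway service-ticket request) resets an idle timer, and how keeping an absolute cap alongside it still bounds the session. All class and method names are hypothetical; the one-hour idle window and the 7200000 ms cap are taken from the question, and combining the two is an assumption of this example.

```java
import java.time.Duration;

// Added illustration, not CAS code: all class and method names are hypothetical.
public class IdleTimeoutModel {
    // Stand-in for a TGT: only the two timestamps that expiry depends on.
    static final class Ticket {
        final long createdAt;
        long lastUsedAt;
        Ticket(long now) { createdAt = now; lastUsedAt = now; }
        // Effect of a "retime" hit or a throwaway service-ticket request.
        void touch(long now) { lastUsedAt = now; }
    }

    interface Policy { boolean isExpired(Ticket t, long now); }

    // Idle timeout: measured from the last use, so activity extends it.
    static Policy idle(long ms) { return (t, now) -> now - t.lastUsedAt >= ms; }
    // Absolute timeout: measured from creation, so activity cannot extend it.
    static Policy absolute(long ms) { return (t, now) -> now - t.createdAt >= ms; }
    static Policy either(Policy a, Policy b) {
        return (t, now) -> a.isExpired(t, now) || b.isExpired(t, now);
    }

    public static void main(String[] args) {
        long min = Duration.ofMinutes(1).toMillis();
        // Assumption: one hour idle window combined with the 7200000 ms cap.
        Policy policy = either(idle(60 * min), absolute(7200000L));

        // Constructed timeline 1: a page load every 30 minutes touches the ticket.
        Ticket active = new Ticket(0);
        for (long now = 30 * min; now <= 180 * min; now += 30 * min) {
            if (policy.isExpired(active, now)) {
                System.out.println("active user must re-login at minute " + now / min);
                break;
            }
            active.touch(now);
        }

        // Constructed timeline 2: last activity at minute 20, then nothing.
        Ticket idleUser = new Ticket(0);
        idleUser.touch(20 * min);
        System.out.println("idle user expired at minute 79: " + policy.isExpired(idleUser, 79 * min));
        System.out.println("idle user expired at minute 80: " + policy.isExpired(idleUser, 80 * min));
    }
}
```

Without the absolute cap, the first timeline never ends while the header call keeps firing, which is worth weighing before exposing an endpoint whose only job is to reset the timer.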


