Re: How to set user expiration time individually for each connected service?
Li Wei Nan
liweinan at chinaedu.net
Mon Jul 28 09:16:10 EDT 2008
Great! Thank you very much Scott :-)
- Li Wei Nan
On Jul 28, 2008, at 8:38 PM, Scott Battaglia wrote:
> You're correct, it's because of the TGT that they aren't prompted for
> their credentials again.
>
> You can either change the TGT expiration time (or even the # of
> times it can be used) or tell the application to use renew=true
> which forces re-authentication each time.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Mon, Jul 28, 2008 at 8:23 AM, Li Wei Nan <liweinan at chinaedu.net>
> wrote:
> Thank you Scott. In our application we set the application-scope
> session timeout to half an hour. But after the application-scope
> session times out, the users get redirected to CAS, and then it
> seems CAS logs them in automatically (not asking them to enter
> login name and password again) and redirects them back to the
> application. We deduce that is because the TGC is not expired so the
> login info is still on the CAS server? Or is it not concerned with CAS
> at all, and maybe some application-scope cookies are affecting it (we
> are trying to figure it out but still haven't made any progress)?
>
> Thanks for help!
>
> Best Regards,
> - Li Wei Nan
>
>
>
>
>
> On Jul 28, 2008, at 7:50 PM, Scott Battaglia wrote:
>
>> CAS doesn't maintain any per-application time outs. Session
>> management of the applications is left up to the applications
>> themselves. The timeout for ServiceTickets is merely the length of
>> time they are valid for (thus if you tried to validate it after the
>> timeout, it would fail). The timeout doesn't correlate to any
>> session.
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>>
>> On Mon, Jul 28, 2008 at 1:25 AM, Li Wei Nan <liweinan at chinaedu.net>
>> wrote:
>> Hi All,
>>
>> I need to set the user expiration time individually on each
>> connected service. I know that setting the ServiceTicket and
>> GrantingTicket expiration time on CAS can control it as a baseline.
>> But are there any methods by which I could set it individually on
>> each service? Such as setting the user login expiration time on APP1
>> to 10s, and on APP2 to 2 hours?
>>
>> I've tried using ajax to call 'cas logout' for the user, but it's ugly.
>>
>> Thanks!
>> - Li Wei Nan
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
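Added example, not part of the original thread and not code from the CAS project: a client-side sketch of the approach discussed above, where each application keeps its own session timeout and only the strict one sends renew=true on the CAS /login redirect and on /serviceValidate, so a live TGT cannot sign the user back in silently. The host names, the POLICY table, the helper names and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_BASE = "https://cas.example.org/cas"        # placeholder CAS server (assumption)
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

# Hypothetical per-application policy: local session lifetime in seconds, and
# whether an expired local session must bring back the password prompt.
POLICY = {
    "https://app1.example.org/": {"session_ttl": 10, "renew": True},
    "https://app2.example.org/": {"session_ttl": 7200, "renew": False},
}

# Constructed sample /serviceValidate responses (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not a fresh login</cas:authenticationFailure>
</cas:serviceResponse>"""

def session_expired(service, issued_at, now):
    # The application, not CAS, decides when its own session is over.
    return now - issued_at >= POLICY[service]["session_ttl"]

def _params(service, **extra):
    params = {"service": service, **extra}
    if POLICY[service]["renew"]:
        params["renew"] = "true"  # bypass single sign-on for this service
    return urlencode(params)

def login_url(service):
    # Where to redirect the browser once the local session has expired.
    return f"{CAS_BASE}/login?{_params(service)}"

def validate_url(service, ticket):
    # With renew=true, validation succeeds only for a ticket issued from a
    # fresh presentation of credentials, not from the existing SSO session.
    return f"{CAS_BASE}/serviceValidate?{_params(service, ticket=ticket)}"

def parse_validation(xml_text):
    # Return the authenticated user name, or None if validation failed.
    user = ET.fromstring(xml_text).find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None else None
```

Sending renew=true on validation as well as on the redirect matters: without it, a user who strips the parameter from the login URL would still obtain a ticket the application accepts.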