I am running CAS 5.2.7 and the TGC has session lifetime regardless of 'Remember 
me'. If I close my browser, the TGC will be removed (Firefox and Chrome). I 
could be wrong, but I understand 'Remember me' as a way of providing an SSO 
session that is longer than the app session (not a way to persist across 
browser shutdowns). When the app session ends, it goes back to CAS where log in 
is automatic.
If the TGC is still present after you close your browser, it could be odd 
browser behaviour.

What version of CAS are you using?

I have not been in a position to test switching networks, so cannot provide 
first-hand experience in this regard.

It is possible that the TGC is bound to an IP address. I have not looked at the 
code for its creation. Perhaps a security measure to prevent two different 
devices from using the same TGC.

Ray

On Thu, 2018-12-06 at 00:42 +0200, darKu wrote:
Hi Ray,

First of all, thank you for your interest in this problem.
Remember me works.

 - User logs in with remember me checked.
 - Close browser: on Windows I close Chrome from the taskbar/task manager, since 
Chrome is somehow working in the background. On iPad I close Safari from running apps.
 - When I open Chrome again and check the cookies, just the TGC is present since 
remember me was used; no app cookie, as you stated, the app cookie expired when 
the browser was closed. As well, the TGC will not be present if the user didn't 
check remember me, the same thing you stated.
 - Then I access the app. It works in both scenarios: PC and iPad.

However, if I switch the network and do the same steps, then instead 
I get redirected to the login form.

So why in this case doesn't the CAS TGC get validated or sent? (Maybe just the iPad 
is the troublemaker, not sending the TGC?) As I said, I was able to reproduce it 
on my DEV.
I have to try in prod on my laptop and see whether this works or not if I switch 
the network on my laptop.

Regarding your statement about app session: hmm, that would be interesting to 
try. Definitely here I have more control, so I should be making the app session 
long-term authenticated.

On Wed, Dec 5, 2018, 20:02 Ray Bon <[email protected]> wrote:
Catalin,

'Remember me' is a CAS session option and has nothing to do with your app 
session. Closing your browser and keeping the log in to your app means that 
your app has a long term cookie that lives while your browser is closed.
The CAS TGC, by default, will expire if the browser is closed. If you visit a 
new app you would have to log in again.

If your apps require log in after a network change, that is an app config issue.

Are users closing the browser when switching networks?

If you want to see 'Remember me' in action, after logging in to your app and 
waiting the minimum CAS session time, delete your app's cookies (not CAS 
cookies). When you revisit your app, you will be redirected to CAS and log in 
will proceed automatically.



On Wed, 2018-12-05 at 01:43 -0800, Catalin Dobrea wrote:
Hi,

We use CAS 5.2.4 to protect some of our web apps and have SSO over them.

One of our clients complains about this scenario:

 - The user authenticates successfully, via the "Remember me" option presented on 
the login form offered by CAS. (I can confirm that this long-term 
authentication works, e.g. I'm closing Chrome from memory and then when 
visiting the app no login is required.)
 - The users of the client are pretty much on the move, so they access the apps 
we offer (protected by CAS) from different places: mobile network, different 
Wi-Fi networks.
 - So they complain that when they change the network they are required to 
authenticate again even though they checked the "Remember me" option before.

So my questions are:

 - Is this long-term authentication sensitive to IP changes?
 - How can this be bypassed?
 - I scrolled through cas.properties to see anything that might tweak this 
scenario, but I was unable to identify any of those.
 - I was able to reproduce this problem locally on my dev env by switching 
networks. Another important thing is that the devices from which they access our 
apps are iPads with Safari iOS 12 or so. I used an iPad as well when 
reproducing this scenario.
   Can this also be the cause? Because sometimes it is a nightmare doing custom 
things for iOS. So, can it happen that the TGC is not being sent on Safari iOS 
when the network changes?

Any starting point, helping me to find a fix or at least an explanation if this 
scenario is intended, would be really appreciated!

Thanks

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1544032921.2944.71.camel%40uvic.ca.
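
The latest reply in this thread raises the possibility that the TGC is bound to an IP address. The sketch below is an added illustration of that hypothesis, not code from the thread or from CAS: it shows how a server-side check on a signed cookie that embeds the client IP and user agent would reject a remember-me cookie after a network switch. The cookie layout, key, sample values and function names are all assumptions.

```python
import base64
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # assumption: demo key, not a CAS setting


def issue_cookie(ticket_id: str, client_ip: str, user_agent: str) -> str:
    """Build a signed cookie value that embeds the client's IP and user agent."""
    payload = "@".join((ticket_id, client_ip, user_agent)).encode()
    mac = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac + payload).decode()


def validate_cookie(cookie: str, client_ip: str, user_agent: str):
    """Return (ticket_id, reason). ticket_id is None when the server would
    ignore the cookie and send the browser to the login form."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except ValueError:
        return None, "malformed"
    mac, payload = raw[:32], raw[32:]
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None, "bad-signature"
    parts = payload.decode().split("@", 2)
    if len(parts) != 3:
        return None, "malformed"
    ticket_id, bound_ip, bound_agent = parts
    # The binding check: a cookie replayed from another address is refused,
    # which also refuses the legitimate user after a Wi-Fi/mobile switch.
    if bound_ip != client_ip:
        return None, "ip-changed"
    if bound_agent != user_agent:
        return None, "user-agent-changed"
    return ticket_id, "ok"


if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges, made-up ticket id).
    cookie = issue_cookie("TGT-1-constructed", "198.51.100.7", "Safari/iOS12")
    print(validate_cookie(cookie, "198.51.100.7", "Safari/iOS12"))  # same network
    print(validate_cookie(cookie, "203.0.113.9", "Safari/iOS12"))   # after switch
```

Recording the rejection reason on the server is what separates "the browser did not send the cookie" from "the cookie was sent but refused", the two explanations discussed in the thread.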

