James, Although it is not on the list, https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#tgt-expiration-policy, I think remember me is checked first and it is 'reactivated' when TGT is used within its time frame (up to maxTimeToLiveInSeconds) as part of the sliding window.
1. yes 2. yes 3. no - TGT will be refreshed to 300s when remember me or 10s as per timeToKillInSeconds 4. hmm, this would depend on whether the check is for ticket validity or invalidity Given that the first check is for 'never expire' and the last is for 'expire immediately', I think the check is for validity. That is, if TGT is valid, no more checks are made. Ray On Wed, 2019-01-23 at 20:03 -0800, James Mackerel wrote: hi all, I am trying to set tgt session timeout for my CAS server. I want to config CAS to act like this (for testing purpose): 1. if remember me is not checked, TGT will be killed if it is not used to grant ST in 10 seconds 2. if remember me is checked, TGT will be killed if it is not used to grant ST in 300 seconds 3. if a TGT grants a ST, its TTL will be refreshed to 3000 seconds 4. but no matter remember me is checked or not, a TGT will be killed 30 seconds after its creation So this is properties I set: cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=300 cas.ticket.tgt.maxTimeToLiveInSeconds=3000 cas.ticket.tgt.timeToKillInSeconds=10 cas.ticket.tgt.hardTimeout.timeToKillInSeconds=30 cas.tgc.rememberMeMaxAge=2000 But when I check the remember me box, TGT will never be killed if I use it to grant ST less than every 300 seconds. It seems like hardTimout is not working when remember me is checked. Is this a bug? I am using CAS 5.3.6 with redis ticket registry. Please help, thank you. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1548356789.3605.146.camel%40uvic.ca.
