We do not have a Discovery URL defined. -EWG On Friday, August 21, 2020 at 11:36:53 PM UTC-4 Mike Osterman wrote:
> Thanks, Elijah! I did wonder if I ought to switch to SAML instead. Are you > using a Discovery URL as well? > > On Fri, Aug 21, 2020 at 8:25 PM Elijah Gagne <[email protected]> > wrote: > >> Just as another data point, we're using CAS 6.1.7 using a SAML >> integration with Canvas. We don't have any session timeout issues. >> Regards, >> EWG >> >> On Friday, August 21, 2020 at 10:43:23 PM UTC-4 Mike Osterman wrote: >> >>> Disclaimer: I know this is a CAS list, not a Canvas list, but the >>> combination of the two is having issues, and I've run out of road working >>> with Instructure support. >>> >>> Late last semester, we started experiencing issues where Canvas users >>> were getting logged out frequently. I believe it started around the time >>> that we switched Canvas from CAS 3.x to our CAS 5.3.x IdP. We also made the >>> switch from defaulting login to CAS for all users, where external "guest" >>> accounts had to know the native Canvas account login URL, to the Discovery >>> page setup, where users are presented with Door #1 (Institutional SSO) and >>> Door #2 (native Canvas accounts). >>> >>> I worked with Instructure support, and they insisted that the cause was >>> our CAS server, which doesn't track with the pattern I see with most >>> CASified applications: app redirect to CAS to authenticate and get returned >>> some attributes, but upon successful login flow, the app manages its own >>> internal session state and timeout. >>> >>> That said, in testing out a different CAS IdP implementation with Canvas >>> provided by Technolutions in the Slate platform, I learned that the CAS >>> client that Canvas uses only uses proxyValidate. (The Slate IdP only >>> supports /serviceValidate). I'm not sure this is in any way related, but >>> it's another data point. >>> >>> Finally, we had Instructure hard-code our Canvas application session >>> timeout to 8 hours, which has had zero impact on the short session timeouts >>> in CAS. >>> >>> Has anyone else dealt with this issue with CAS + Canvas, and better >>> still, solved it? >>> >>> Thanks for any and all pointers, suggestions, etc. >>> >>> -Mike >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ea99e12-441b-4593-aedb-c53655f17db4n%40apereo.org.
