[cas-user] Re: per-service cas.saml-core.skew-allowance?

Wed, 15 Mar 2023 20:25:49 -0700 

Hi Baron,

We are running CAS version 6.5.9 and I was able to set a skew allowance 
value per service as follows:
{
   "@class" : "org.apereo.cas.services.RegexRegisteredService",
   "serviceId" : "^https://.*";,
   "name" : "Sample",
   "id" : 10,
   "skewAllowance": 40
}

Note: Setting a negative  *skewAllowance* value will not work in 6.5.9 du 
to a bug (fixed in 6.6.x)

Hope this helps.

Thanks
Olivier Begon
ITS -  Florida State University

On Tuesday, March 14, 2023 at 4:17:27 PM UTC-4 baron wrote:

> On a CAS 6.5 system, we're trying to troubleshoot a problem with one of 
> our CAS clients applications. One experiment we'd like to try is to 
> increase cas.saml-core.skew-allowance from its default 30s to perhaps 40s. 
>
> Ideally we'd like to try this on a per-service basis to limit the scope of 
> the change, but I don't see an example of this in the documentation at <
> https://apereo.github.io/cas/6.5.x/protocol/SAML-Protocol.html#configuration
> >
>
> Perhaps something like:
>
> {
>     "@class" : "org.apereo.cas.services.RegexRegisteredService",
>     "serviceId" : "^https://.*";,
>     "name" : "Sample",
>     "id" : 10,
>     "notSureWhatIdentifierToUseHere": {
>       "@class": " 
> org.apereo.cas.configuration.model.support.saml.SamlCoreProperties",
>       "skew-allowance": PT40S
>     }
> }
>
> This was modeled from the example for 
> cas.ticket.st.time-to-kill-in-seconds at <
> https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service>.
>  
> However, assuming this is possible, I don't know what would be appropriate 
> where I have the placeholder "notSureWhatIdentifierToUseHere".
>
> -- 
> Baron Fujimoto <[email protected]> ::: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0c5da7ec-19f2-4d1f-9583-59c6a7d95c9an%40apereo.org.

Reply via email to