What configuration for ticket 5.2 ?
586 views
Skip to first unread message
vallee.romain
Feb 27, 2018, 3:09:11 AM2/27/18
to CAS Community
Hello,
i try to setup jasig TGC for this use case :
When i check rememberMe : 1 months without need to enter login.password
When i don't check rememberme : 7 hours unless i close the brother . If i close the brother, i would like to have login/password prompte at next login.
I think rememberMe if ok .
But when i try to closed/open the brother, the session is already up .
# cas.tgc.path=cas.tgc.maxAge=-1# cas.tgc.domain=cas.tgc.name=TGCcas.tgc.secure=falsecas.tgc.rememberMeMaxAge=1350000cas.tgc.encryptionKey=xxxxxxxxxxxcas.tgc.signingKey=xxxxxxxxxxxxxxxxxcas.tgc.cipherEnabled=true
# #remember me 31 days in seconds# # Set to a negative value to never expire ticketscas.ticket.tgt.maxTimeToLiveInSeconds=1350000cas.ticket.tgt.timeToKillInSeconds=7200cas.ticket.tgt.rememberMe.enabled=truecas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000###Throttled Timeout##cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
Have you got an idea ?
Best regards
Romain
Man H
Feb 27, 2018, 7:29:34 AM2/27/18
to cas-...@apereo.org
Try this
cas.ticket.tgt.maxTimeToLiveInSeconds=25200
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000
To test these set lower values.
Also dont use secure=false
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8c90dba-d149-4ff5-871e-31c38c8722ba%40apereo.org.
Message has been deleted
Message has been deleted
vallee.romain
Feb 27, 2018, 9:52:13 AM2/27/18
to CAS Community
Thank you for your answer .
And session keep alive when i close my web browser . :'(
Now i got this
cas.tgc.maxAge=-1# cas.tgc.domain=cas.tgc.name=TGC#cas.tgc.secure=false#cas.tgc.rememberMeMaxAge=1350000cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2Acas.tgc.cipherEnabled=true
# #remember me 31 days in seconds# # Set to a negative value to never expire ticketscas.ticket.tgt.maxTimeToLiveInSeconds=25200#cas.ticket.tgt.timeToKillInSeconds=7200cas.ticket.tgt.rememberMe.enabled=truecas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000#cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000###Throttled Timeout###cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800#cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5#cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
And session keep alive when i close my web browser . :'(
Try this
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
Man H
Feb 27, 2018, 10:37:28 AM2/27/18
to cas-...@apereo.org
Put only those properties.
To end your cas session you have to logout redirect to login page from your application otherwise you will get that behaviour.
Thank you for your answer .Now i got this
And session keep alive when i close my web browser .
Le mardi 27 février 2018 13:29:34 UTC+1, Manfredo Hopp a écrit :
Try this
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8c90dba-d149-4ff5-871e-31c38c8722ba%40apereo.org.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10e4c78f-d647-4ea8-aed6-7bfded1a6887%40apereo.org.
Man H
Feb 27, 2018, 10:43:54 AM2/27/18
to cas-...@apereo.org
As for tgc properties leave them unchanged.
Pd: closing browser does not end cas session.
Put only those properties.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10e4c78f-d647-4ea8-aed6-7bfded1a6887%40apereo.org.
Ray Bon
Feb 27, 2018, 11:23:57 AM2/27/18
to cas-...@apereo.org
Romain,
I guess cas.tgc.remeberMeMaxAge overrides cas.tgc.maxAge.
If you want your session to end when browser is closed, leave out cas.tgc.rememberMeMaxAge.
Ray
-- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca
vallee.romain
Feb 28, 2018, 3:27:32 AM2/28/18
to CAS Community
Thank you all for your response.
I'm surprised the TGC stays after the browser closes.
For me, if we didn't check "Remember Me", we had authentication per session and not a cookie.
cas.tgc.name=TGC#cas.tgc.secure=false#cas.tgc.rememberMeMaxAge=1350000cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2Acas.tgc.cipherEnabled=true
# #remember me 31 days in seconds# # Set to a negative value to never expire ticketscas.ticket.tgt.maxTimeToLiveInSeconds=25200#cas.ticket.tgt.timeToKillInSeconds=7200cas.ticket.tgt.rememberMe.enabled=truecas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000#cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000
This is my new configuration.
but the TGC cookie still remains after the closing of the web browser.
In version 4.2 of jasig, if we closed the browser, the session was no longer maintained.
Man H
Feb 28, 2018, 7:47:00 AM2/28/18
to cas-...@apereo.org
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c3297a3-0c5e-478e-ba81-0a4857dc6f5c%40apereo.org.
vallee.romain
Feb 28, 2018, 8:33:22 AM2/28/18
to CAS Community
Without check rememberme.
the tgc cookie is present .
And for cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000
I don't find documentation on tgt , tgc ... :(
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
Man H
Feb 28, 2018, 8:56:24 AM2/28/18
to cas-...@apereo.org
Cookies hace maxage inside what says yours
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ac13b2f-6f76-4fc5-a725-de306a8972fe%40apereo.org.
vallee.romain
Feb 28, 2018, 9:05:18 AM2/28/18
to CAS Community
i don't find maxage into the cookie
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ac13b2f-6f76-4fc5-a725-de306a8972fe%40apereo.org.
Man H
Feb 28, 2018, 10:17:31 AM2/28/18
to cas-...@apereo.org
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c01f8ab4-20c1-460f-bccd-7798ecc97d53%40apereo.org.
Ray Bon
Feb 28, 2018, 12:24:17 PM2/28/18
to cas-...@apereo.org
Romain,
You still need cas.tgc.maxAge=-1. No sure what the default is (may be a couple weeks) but setting a cookie maxAge to less than 0 will cause the cookie to be discarded by the browser when it closes. It will stay active in the browser as long as the browser
is open, the lifetime of the CAS session can be managed with cas.ticket.tgt properties.
Ray
vallee.romain
Mar 1, 2018, 3:40:48 AM3/1/18
to CAS Community
Thank you Rbon,
I just try with maxage=-1
but session is stile alive without check rememberMe checkbox.
and a
cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 is generate .
# cas.tgc.path=cas.tgc.maxAge=-1# cas.tgc.domain=cas.tgc.name=TGC#cas.tgc.secure=false#cas.tgc.rememberMeMaxAge=1350000cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2Acas.tgc.cipherEnabled=true
# #remember me 31 days in seconds# # Set to a negative value to never expire ticketscas.ticket.tgt.maxTimeToLiveInSeconds=25200#cas.ticket.tgt.timeToKillInSeconds=7200cas.ticket.tgt.rememberMe.enabled=truecas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000
May be it's a bug?
Ray Bon
Mar 1, 2018, 12:44:49 PM3/1/18
to cas-...@apereo.org
To be clear, what do you mean by 'session'?
CAS has a login session identified by the life of the TGT.
Your application (service) has a session identified by whatever mechanism it chooses (probably a cookie).
Your browser has a session with CAS identified by TGC.
Each of these 'sessions' can expire without impact of any other.
cas.tgc.maxAge=-1 only affects TGC and requires your browser to be closed (maybe even all windows). When the TGC is removed, no new SSO will take place (no way to recover TGT). When TGT expires, no new SSO will take place. To end your session on the service,
you have to log out of the service or remove the cookies it sets (perhaps set its maxAge=-1).
Ray
vallee.romain
Mar 2, 2018, 5:41:09 AM3/2/18
to CAS Community
Thank you Ray for your anwser.
and yet my cas.tgc.maxAge value is -1
But, when cas.tgc.maxAge=-1, it's doesn't affect TGC ticket and when i restart browser, TGC is not removed.
I connect to my cas server :
Without rememberMe
SuccessFull
I close my browser and i open.
and i'm still connected
and yet my cas.tgc.maxAge value is -1
Ray Bon
Mar 2, 2018, 12:06:57 PM3/2/18
to cas-...@apereo.org
Looked at my config again and noticed this (not sure how I missed it before):
# default is P14D
# used to set maxAge on user selection of remember me at login
# it is always set regardless of user choice; this is a bug to investigate
cas.tgc.rememberMeMaxAge=-1
Try setting cas.tgc.rememberMeMaxAge to -1 as well.
I just have not had time to dig into this.
Ray
vallee.romain
Mar 4, 2018, 9:40:32 AM3/4/18
to CAS Community
HI ray,
try cas.tgc.rememberMeMaxAge instead of which value ?
cas.tgc.maxAge=-1# cas.tgc.domain=cas.tgc.name=TGC#cas.tgc.secure=false#cas.tgc.rememberMeMaxAge=1350000cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2Acas.tgc.cipherEnabled=true
# #remember me 31 days in seconds# # Set to a negative value to never expire ticketscas.ticket.tgt.maxTimeToLiveInSeconds=25200#cas.ticket.tgt.timeToKillInSeconds=7200cas.ticket.tgt.rememberMe.enabled=truecas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000
What is P14D ??
vallee.romain
Mar 4, 2018, 9:47:03 AM3/4/18
to CAS Community
I find, may be its a bug !!
Ray Bon
Mar 5, 2018, 12:12:34 PM3/5/18
to cas-...@apereo.org
Set it to -1.
Ray
vallee.romain
Mar 5, 2018, 3:35:27 PM3/5/18
to CAS Community
But -1 to rememberme i will have Infinite Time cookie,no ?
Ray Bon
Mar 5, 2018, 3:48:26 PM3/5/18
to cas-...@apereo.org
I think there is a bug with the way the values are processed (just have not had time to verify). What you want is your cookie to have a maxAge of -1. Oddly, the rememberMeMaxAge will be used to set this value.
The cookie will last as long as your browser is open. When your browser closes the cookie will be removed.
Ray
On Mon, 2018-03-05 at 12:35 -0800, vallee.romain wrote:
But -1 to rememberme i will have Infinite Time cookie,no ?
Reply all
Reply to author
Forward
0 new messages