CAS Client side (user) session timeout - regd

[Amulya Sri Pulijala]

Hi all,

I have a requirement like, whenever user (client) is inactive for more than 5min, the session of the user has to be closed! basically must be logged out. Can we do it using cas.properties? am using cas-6.6.5

Thanks in advance,

Amulya

[Ray Bon]

Amulya,

Are you talking about logging out of an application or about cas?

For an application, that would be in the application configuration.

For cas, see https://apereo.github.io/cas/6.6.x/ticketing/Configuring-Ticket-Expiration-Policy.html

Ray

On Fri, 2024-04-12 at 04:00 -0700, Amulya Sri Pulijala wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

[Amulya Sri Pulijala]

Thanks Ray, 

Am looking for application configuration only... This helped. 

I have one more query, can we encrypt password before sending to server in CAS ? (we are using HTTPS, even then till transport layer, the password is of plain text only)

Any relevant cas.properties for this?

Thanks in advance!

[Ray Bon]

Amulya,

It is best to start a new thread for a different topic, makes it easier to search the news groups.

Are you asking about RESTful approach to cas authentication?

https://apereo.github.io/cas/7.0.x/protocol/REST-Protocol.html

Or are you asking about encrypting the password in the browser, then submitting it to the cas server?

Perhaps explain [in a new thread] what problem you are trying to solve (i.e., why https is not sufficient)?

Ray