per-service cas.saml-core.skew-allowance?

Baron Fujimoto

Mar 14, 2023, 4:17:27 PM
to CAS Community
On a CAS 6.5 system, we're trying to troubleshoot a problem with one of our CAS client applications. One experiment we'd like to try is to increase cas.saml-core.skew-allowance from its default 30s to perhaps 40s.

Ideally we'd like to try this on a per-service basis to limit the scope of the change, but I don't see an example of this in the documentation at <https://apereo.github.io/cas/6.5.x/protocol/SAML-Protocol.html#configuration>

Perhaps something like:

{
    "@class" : "org.apereo.cas.services.RegexRegisteredService",
    "serviceId" : "^https://.*",
    "name" : "Sample",
    "id" : 10,
    "notSureWhatIdentifierToUseHere": {
      "@class": " org.apereo.cas.configuration.model.support.saml.SamlCoreProperties",
      "skew-allowance": PT40S
    }
}

This was modeled from the example for cas.ticket.st.time-to-kill-in-seconds at <https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service>. However, assuming this is possible, I don't know what would be appropriate where I have the placeholder "notSureWhatIdentifierToUseHere".

--
Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

Olivier Begon

Mar 15, 2023, 11:25:47 PM
to CAS Community, baron
Hi Baron,

We are running CAS version 6.5.9 and I was able to set a skew allowance value per service as follows:

{
   "@class" : "org.apereo.cas.services.RegexRegisteredService",
   "serviceId" : "^https://.*",
   "name" : "Sample",
   "id" : 10,
   "skewAllowance": 40
}

Note: Setting a negative skewAllowance value will not work in 6.5.9 due to a bug (fixed in 6.6.x).

Hope this helps.

Thanks
Olivier Begon
ITS -  Florida State University
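
An added example, not part of the original thread or of CAS itself: because a per-service skewAllowance changes the clock-drift tolerance for that service only, a small audit over the service registry can list which definitions override the 30s default and flag negative values, which the reply above says do not work on 6.5.9. It assumes the service files are strict JSON; the sample definitions and the function names are constructed for illustration.

```python
import json

# Default stated in the thread for cas.saml-core.skew-allowance (seconds).
DEFAULT_SKEW_SECONDS = 30

# Constructed sample service definitions, one JSON document per entry.
SAMPLE_SERVICES = [
    '{"@class": "org.apereo.cas.services.RegexRegisteredService",'
    ' "serviceId": "^https://app1.example.org/.*", "name": "App1", "id": 10,'
    ' "skewAllowance": 40}',
    '{"@class": "org.apereo.cas.services.RegexRegisteredService",'
    ' "serviceId": "^https://app2.example.org/.*", "name": "App2", "id": 11}',
    '{"@class": "org.apereo.cas.services.RegexRegisteredService",'
    ' "serviceId": "^https://app3.example.org/.*", "name": "App3", "id": 12,'
    ' "skewAllowance": -10}',
    '{"@class": "org.apereo.cas.services.RegexRegisteredService",'
    ' "serviceId": "^https://app4.example.org/.*", "name": "App4", "id": 13,'
    ' "skewAllowance": "PT40S"}',
    '{"serviceId": "^https://broken.example.org/.*", "id": 14,',  # truncated file
]

def classify_skew(definition, default=DEFAULT_SKEW_SECONDS):
    """Classify one parsed service definition by its skewAllowance override."""
    if "skewAllowance" not in definition:
        return "default"            # service inherits the global setting
    value = definition["skewAllowance"]
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        return "non-integer"        # the working example in the thread used a plain integer
    if value < 0:
        return "negative"           # reported in the thread as not working on 6.5.9
    if value > default:
        return "widened"
    return "narrowed" if value < default else "same-as-default"

def audit(raw_definitions, default=DEFAULT_SKEW_SECONDS):
    """Return (service id, skewAllowance, status) for every override or bad file."""
    findings = []
    for raw in raw_definitions:
        try:
            definition = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((None, None, "unparseable"))
            continue
        status = classify_skew(definition, default)
        if status != "default":
            findings.append((definition.get("id"), definition["skewAllowance"], status))
    return findings

if __name__ == "__main__":
    for service_id, value, status in audit(SAMPLE_SERVICES):
        print(f"id={service_id} skewAllowance={value!r} -> {status}")
```
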

Baron Fujimoto

Mar 18, 2023, 12:07:57 AM
to cas-...@apereo.org
Mahalo!
