How to Extend TGT session without logging in to another SSO application?


Ed O'Neill

Jan 29, 2021, 6:59:40 PM
to CAS Community
I have worked with CAS 4.1 in the past, and in that version there was no way to extend the life of a TGT ticket without a user attempting to log into another CAS registered service prior to the expiration of the TGT. What this meant was that if a user used CAS to log into a registered service, and continued to be active in the local application longer than the TGT timeout, and then attempted to log into a different registered service (application), they were prompted to log in to CAS again.
In CAS 6.2+, is there a way to update the TGT to remain alive as long as the registered service application is being used (and local app session is valid)?
I don't want to use the 'remember me' and allow a user to have a valid CAS TGT if they are not actively using one of the registered services, but if they are using a registered service I would like a way to ensure the TGT remains alive.

Thanks,
 Ed

Ray Bon

Jan 29, 2021, 8:07:07 PM
to cas-...@apereo.org
Ed,

Short answer: no.
CAS does not store session information about a service. I suppose you could configure your service to send a login request whenever it detects that it is still active. Just watch out for long running applications (like webmail) that could keep the TGT live 'indefinitely'.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Ed O'Neill

Jan 29, 2021, 10:06:44 PM
to CAS Community

Thanks Ray,
  In 4.1 I created a webflow in CAS that would handle a request to a non-existent but uniquely named service, and so I could make js async requests from the current app being used to CAS for the "keep-alive" service, and handle the response quietly, and this would increase the TGT life as though the user had attempted to navigate to a real registered service.  But since this is a bit of a hack, I was hoping for a similar, but more elegant built-in feature.
Ed
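
The keep-alive approach Ed describes and the caveat Ray raises about long-running applications, modelled as an added example that is not part of the original thread and is not CAS code. It shows how an absolute lifetime cap bounds a TGT that a sliding idle timeout alone would let keep-alive requests extend without limit; the function names, policy fields and timings are assumptions chosen for illustration.

```javascript
// Model of a ticket-granting ticket (TGT) with a sliding idle timeout and an
// optional absolute lifetime cap. All names and numbers here are assumptions
// for illustration; they are not CAS classes or configuration keys.
function makeTgt(createdAt, policy) {
  return { createdAt, lastUsedAt: createdAt, policy };
}

function isExpired(tgt, now) {
  const idle = now - tgt.lastUsedAt;
  const age = now - tgt.createdAt;
  if (idle >= tgt.policy.idleTimeoutSec) return true;
  // maxLifetimeSec === null models a policy with no absolute cap.
  return tgt.policy.maxLifetimeSec !== null && age >= tgt.policy.maxLifetimeSec;
}

// A keep-alive request only extends the ticket if it is still valid on arrival.
function touch(tgt, now) {
  if (isExpired(tgt, now)) return false;
  tgt.lastUsedAt = now;
  return true;
}

// Replays keep-alive requests sent every intervalSec while the local
// application is in use, and returns the second at which the TGT expires.
function simulate(policy, intervalSec, appActiveForSec) {
  const tgt = makeTgt(0, policy);
  for (let t = intervalSec; t <= appActiveForSec; t += intervalSec) {
    if (!touch(tgt, t)) break;
  }
  const idleExpiry = tgt.lastUsedAt + policy.idleTimeoutSec;
  return policy.maxLifetimeSec === null
    ? idleExpiry
    : Math.min(idleExpiry, policy.maxLifetimeSec);
}

// Constructed scenario: a webmail tab left open for 24 hours, sending a
// keep-alive every 10 minutes, against a 2 hour idle timeout.
const DAY = 86400;
const slidingOnly = { idleTimeoutSec: 7200, maxLifetimeSec: null };
const slidingWithCap = { idleTimeoutSec: 7200, maxLifetimeSec: 28800 };

console.log("sliding only:     ", simulate(slidingOnly, 600, DAY));    // outlives the tab
console.log("sliding + 8h cap: ", simulate(slidingWithCap, 600, DAY)); // bounded by the cap
console.log("ping too slow:    ", simulate(slidingOnly, 9000, DAY));   // idle timeout wins
```
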