Hello, We are using CAS Server 4.2.6 for few weeks now but we’re facing a problem with the SSO lifetime.
The ticket registry used is EhCache and the RememberMe feature is enabled, you can find the settings in this gist : <https://gist.github.com/vhurteve/af4a563645a7eaf131ccc9772c4f312a <https://gist.github.com/vhurteve/af4a563645a7eaf131ccc9772c4f312a>> We would like default TGT lifetime of 12 hours (43200s) and a rememberMe of 7 days (604800s) SSO works but it doesn’t last as expected, forcing users to reauthenticate. The SSO lifetime seems random and barely 2 hours long. I tried the neverExpire policy but I still have the problem. I tried to investigate the problem logging EhCache in debug mode but there’s no message about forced eviction or something like this. I choosed large ehcache settings, enough memory settings, with disk overflow, but no amelioration. The TGT, ST, TGC settings are set in a cas.properties file correctly loaded by the server as the other settings (ldap servers, ehcache, encryption, etc) are well applied. Where could be the problem ? Bonus question, the TGT seems linked to username/Client IP/UserAgent, which is not the behavior in version 3.5.x I think where the IP didn’t come into the equation. As the users are more and more moving and switching network settings, it could be a problem. How I can link the TGT to username and UA only ? Thank you, -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/224C52C7-D018-4D71-B5C1-CFFC75310683%40univ-lyon1.fr.
smime.p7s
Description: S/MIME cryptographic signature
