Hello Ray, EhCache has these settings to suit TGT lifetime :
ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket ehcache.cache.st.timeIdle=0 ehcache.cache.st.timeAlive=300 ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket ehcache.cache.tgt.timeIdle=0 ehcache.cache.tgt.timeAlive=604800 > Le 21 nov. 2016 à 20:48, Ray Bon <[email protected]> a écrit : > > Vincent, > > Ehcache has its own expiration policy. Look at timeToLive, timeToIdle for > bean class org.springframework.cache.ehcache.EhCacheFactoryBean. > > Ray > > On 2016-11-21 10:49, HURTEVENT VINCENT wrote: >> Hello, >> >> We are using CAS Server 4.2.6 for few weeks now but we’re facing a problem >> with the SSO lifetime. >> >> The ticket registry used is EhCache and the RememberMe feature is enabled, >> you can find the settings in this gist : >> >> <https://gist.github.com/vhurteve/af4a563645a7eaf131ccc9772c4f312a> >> >> We would like default TGT lifetime of 12 hours (43200s) and a rememberMe of >> 7 days (604800s) >> >> SSO works but it doesn’t last as expected, forcing users to reauthenticate. >> The SSO lifetime seems random and barely 2 hours long. >> >> I tried the neverExpire policy but I still have the problem. I tried to >> investigate the problem logging EhCache in debug mode but there’s no message >> about forced eviction or something like this. I choosed large ehcache >> settings, enough memory settings, with disk overflow, but no amelioration. >> >> The TGT, ST, TGC settings are set in a cas.properties file correctly loaded >> by the server as the other settings (ldap servers, ehcache, encryption, etc) >> are well applied. >> >> Where could be the problem ? >> >> Bonus question, the TGT seems linked to username/Client IP/UserAgent, which >> is not the behavior in version 3.5.x I think where the IP didn’t come into >> the equation. >> As the users are more and more moving and switching network settings, it >> could be a problem. How I can link the TGT to username and UA only ? >> >> Thank you, >> >> >> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: >> https://apereo.github.io/cas/Mailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/224C52C7-D018-4D71-B5C1-CFFC75310683%40univ-lyon1.fr. > > -- > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE C023 | > [email protected] > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/247752f5-c6dd-a634-db9c-fbf74e9cbbea%40uvic.ca. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2C2818EE-DF9E-4314-BF66-4C0BBCCE10BC%40univ-lyon1.fr.
smime.p7s
Description: S/MIME cryptographic signature
