Vincent,
Try this logger to make sure ehcache is getting the correct timers:
<!-- at DEBUG prints Found system property value of ... -->
<logger name="net.sf.ehcache.config">
<level value="DEBUG" />
</logger>
Ray
On 2016-11-21 14:19, HURTEVENT VINCENT wrote:
> Hello Ray,
>
> EhCache has these settings to suit TGT lifetime :
>
> ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket
> ehcache.cache.st.timeIdle=0
> ehcache.cache.st.timeAlive=300
> ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket
> ehcache.cache.tgt.timeIdle=0
> ehcache.cache.tgt.timeAlive=604800
>
>
>
>
>
>
>
>
>> Le 21 nov. 2016 à 20:48, Ray Bon <[email protected]> a écrit :
>>
>> Vincent,
>>
>> Ehcache has its own expiration policy. Look at timeToLive, timeToIdle for
>> bean class org.springframework.cache.ehcache.EhCacheFactoryBean.
>>
>> Ray
>>
>> On 2016-11-21 10:49, HURTEVENT VINCENT wrote:
>>> Hello,
>>>
>>> We are using CAS Server 4.2.6 for few weeks now but we’re facing a problem
>>> with the SSO lifetime.
>>>
>>> The ticket registry used is EhCache and the RememberMe feature is enabled,
>>> you can find the settings in this gist :
>>>
>>> <https://gist.github.com/vhurteve/af4a563645a7eaf131ccc9772c4f312a>
>>>
>>> We would like default TGT lifetime of 12 hours (43200s) and a rememberMe of
>>> 7 days (604800s)
>>>
>>> SSO works but it doesn’t last as expected, forcing users to reauthenticate.
>>> The SSO lifetime seems random and barely 2 hours long.
>>>
>>> I tried the neverExpire policy but I still have the problem. I tried to
>>> investigate the problem logging EhCache in debug mode but there’s no
>>> message about forced eviction or something like this. I choosed large
>>> ehcache settings, enough memory settings, with disk overflow, but no
>>> amelioration.
>>>
>>> The TGT, ST, TGC settings are set in a cas.properties file correctly loaded
>>> by the server as the other settings (ldap servers, ehcache, encryption,
>>> etc) are well applied.
>>>
>>> Where could be the problem ?
>>>
>>> Bonus question, the TGT seems linked to username/Client IP/UserAgent, which
>>> is not the behavior in version 3.5.x I think where the IP didn’t come into
>>> the equation.
>>> As the users are more and more moving and switching network settings, it
>>> could be a problem. How I can link the TGT to username and UA only ?
>>>
>>> Thank you,
>>>
>>>
>>> --
>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>> - CAS mailing list guidelines:
>>> https://apereo.github.io/cas/Mailing-Lists.html
>>> - CAS documentation website: https://apereo.github.io/cas
>>> - CAS project website: https://github.com/apereo/cas
>>> ---
>>> You received this message because you are subscribed to the Google Groups
>>> "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/224C52C7-D018-4D71-B5C1-CFFC75310683%40univ-lyon1.fr.
>> --
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE C023 |
>> [email protected]
>>
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines:
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/247752f5-c6dd-a634-db9c-fbf74e9cbbea%40uvic.ca.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C023 | [email protected]
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/511451ab-e1e4-2dd1-4d9e-ee85fecf46de%40uvic.ca.
