Hi, I already done that, but at startup there is no log about the timeToIdleSeconds and timeToLiveSeconds.
I tried to follow the files which configures the EhCache registry. In the file ehcache-ticket-registry.xml in the bean describing the cache for TGT registry doesn’t inherit from the bean abstractTicketCache whereas serviceTicket does. I think it’s a problem because the settings about memory max element, disk overflow, etc, doesn’t apply to the TGT cache which needs more persistence than serviceTicket. How I can (where to put my file), using the maven overlay method, to replace this default file ? > Le 22 nov. 2016 à 00:46, Ray Bon <[email protected]> a écrit : > > Vincent, > > Try this logger to make sure ehcache is getting the correct timers: > <!-- at DEBUG prints Found system property value of ... --> > <logger name="net.sf.ehcache.config"> > <level value="DEBUG" /> > </logger> > > Ray > > On 2016-11-21 14:19, HURTEVENT VINCENT wrote: >> Hello Ray, >> >> EhCache has these settings to suit TGT lifetime : >> >> ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket >> ehcache.cache.st.timeIdle=0 >> ehcache.cache.st.timeAlive=300 >> ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket >> ehcache.cache.tgt.timeIdle=0 >> ehcache.cache.tgt.timeAlive=604800 >> >> >> >> >> >> >> >> >>> Le 21 nov. 2016 à 20:48, Ray Bon <[email protected]> a écrit : >>> >>> Vincent, >>> >>> Ehcache has its own expiration policy. Look at timeToLive, timeToIdle for >>> bean class org.springframework.cache.ehcache.EhCacheFactoryBean. >>> >>> Ray >>> >>> On 2016-11-21 10:49, HURTEVENT VINCENT wrote: >>>> Hello, >>>> >>>> We are using CAS Server 4.2.6 for few weeks now but we’re facing a problem >>>> with the SSO lifetime. >>>> >>>> The ticket registry used is EhCache and the RememberMe feature is enabled, >>>> you can find the settings in this gist : >>>> >>>> <https://gist.github.com/vhurteve/af4a563645a7eaf131ccc9772c4f312a> >>>> >>>> We would like default TGT lifetime of 12 hours (43200s) and a rememberMe >>>> of 7 days (604800s) >>>> >>>> SSO works but it doesn’t last as expected, forcing users to >>>> reauthenticate. The SSO lifetime seems random and barely 2 hours long. >>>> >>>> I tried the neverExpire policy but I still have the problem. I tried to >>>> investigate the problem logging EhCache in debug mode but there’s no >>>> message about forced eviction or something like this. I choosed large >>>> ehcache settings, enough memory settings, with disk overflow, but no >>>> amelioration. >>>> >>>> The TGT, ST, TGC settings are set in a cas.properties file correctly >>>> loaded by the server as the other settings (ldap servers, ehcache, >>>> encryption, etc) are well applied. >>>> >>>> Where could be the problem ? >>>> >>>> Bonus question, the TGT seems linked to username/Client IP/UserAgent, >>>> which is not the behavior in version 3.5.x I think where the IP didn’t >>>> come into the equation. >>>> As the users are more and more moving and switching network settings, it >>>> could be a problem. How I can link the TGT to username and UA only ? >>>> >>>> Thank you, >>>> >>>> >>>> -- >>>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>>> - CAS mailing list guidelines: >>>> https://apereo.github.io/cas/Mailing-Lists.html >>>> - CAS documentation website: https://apereo.github.io/cas >>>> - CAS project website: https://github.com/apereo/cas >>>> --- >>>> You received this message because you are subscribed to the Google Groups >>>> "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/224C52C7-D018-4D71-B5C1-CFFC75310683%40univ-lyon1.fr. >>> -- >>> Ray Bon >>> Programmer Analyst >>> Development Services, University Systems >>> 2507218831 | CLE C023 | >>> [email protected] >>> >>> -- >>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>> - CAS mailing list guidelines: >>> https://apereo.github.io/cas/Mailing-Lists.html >>> - CAS documentation website: https://apereo.github.io/cas >>> - CAS project website: https://github.com/apereo/cas >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/247752f5-c6dd-a634-db9c-fbf74e9cbbea%40uvic.ca. > > -- > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE C023 | [email protected] > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/511451ab-e1e4-2dd1-4d9e-ee85fecf46de%40uvic.ca. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8D0EF5F8-D618-4A42-B3F2-4B5D5FA272B9%40univ-lyon1.fr.
smime.p7s
Description: S/MIME cryptographic signature
