Gary, My understanding of ehcache is that it performs a wholesale cleanup. Based on your settings I would expect the checks would happen every 4 minutes. Do you have multiple servers? Each server will do its own routine checks on its own clock. The actions of some of those checks will be communication with peers. I could see ehcache holding a ticket until maxTimeToLiveInSeconds is reached, just because a ticket is expired does not mean that it should be purged from the cache.
Are you saying that after 240 seconds the TGT can still be used? That would be a CAS bug. If you just expect the tickets to be gone, that is an ehcache issue. Do you use 'remember me' option or is the longest a TGT can be used 240 seconds? If the latter, then set maxTimeToLiveInSeconds to the same value as timeToKillInSeconds. Ray On Fri, 2018-02-16 at 22:08 +0000, Maxwell, Gary wrote: We are still experiencing a problem with the expiration of TGT's Ehache. The “timeToKillInSeconds” value seems to have no effect on removing the TGT from Ehcache temp folder. The TGT entries are not deleted until the “maxTimeToLiveInSeconds” is reached. The attached log illustrates that CAS detects the TGT is expired and the TGT is removed however these same messages are written again every 2 minutes. We observe that the file still exists in the temp ehcache folder and does not get deleted until the “maxTimeToLiveInSeconds” is reached. We are currently using 5.2.2-SNAPSHOT within a two server HA environment cas.ticket.tgt.maxTimeToLiveInSeconds=28800 cas.ticket.tgt.timeToKillInSeconds=240 cas.ticket.registry.ehcache.replicateUpdatesViaCopy=true cas.ticket.registry.ehcache.cacheManagerName=ticketRegistryCacheManager cas.ticket.registry.ehcache.replicatePuts=true cas.ticket.registry.ehcache.replicateUpdates=true cas.ticket.registry.ehcache.memoryStoreEvictionPolicy=LRU cas.ticket.registry.ehcache.configLocation=file:///opt/login-test/config/ehcache-replicated.xml cas.ticket.registry.ehcache.maximumBatchSize=100 cas.ticket.registry.ehcache.shared=true cas.ticket.registry.ehcache.replicationInterval=10000 cas.ticket.registry.ehcache.cacheTimeToLive=240 cas.ticket.registry.ehcache.diskExpiryThreadIntervalSeconds=0 cas.ticket.registry.ehcache.replicateRemovals=true cas.ticket.registry.ehcache.maxChunkSize=5000000 cas.ticket.registry.ehcache.maxElementsOnDisk=0 cas.ticket.registry.ehcache.maxElementsInCache=0 cas.ticket.registry.ehcache.maxElementsInMemory=10000 cas.ticket.registry.ehcache.eternal=false cas.ticket.registry.ehcache.loaderAsync=true cas.ticket.registry.ehcache.replicatePutsViaCopy=true cas.ticket.registry.ehcache.cacheTimeToIdle=240 cas.ticket.registry.ehcache.persistence=LOCALTEMPSWAP cas.ticket.registry.ehcache.synchronousWrites=false Any insight or thoughts would be great! -Gary . -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1518824432.1763.55.camel%40uvic.ca.
