Set it to -1. Ray
On Sun, 2018-03-04 at 06:40 -0800, vallee.romain wrote: HI ray, try cas.tgc.rememberMeMaxAge instead of which value ? cas.tgc.maxAge=-1 # cas.tgc.domain= cas.tgc.name=TGC #cas.tgc.secure=false #cas.tgc.rememberMeMaxAge=1350000 cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4 cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A cas.tgc.cipherEnabled=true # #remember me 31 days in seconds # # Set to a negative value to never expire tickets cas.ticket.tgt.maxTimeToLiveInSeconds=25200 #cas.ticket.tgt.timeToKillInSeconds=7200 cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 What is P14D ?? Le vendredi 2 mars 2018 18:06:57 UTC+1, rbon a écrit : Looked at my config again and noticed this (not sure how I missed it before): # default is P14D # used to set maxAge on user selection of remember me at login # it is always set regardless of user choice; this is a bug to investigate # file: https://github.com/apereo/cas/blob/5.1.x/support/cas-server-support-cookie/src/main/java/org/apereo/cas/web/support/CookieRetrievingCookieGenerator.java cas.tgc.rememberMeMaxAge=-1 Try setting cas.tgc.rememberMeMaxAge to -1 as well. I just have not had time to dig into this. Ray On Fri, 2018-03-02 at 02:41 -0800, vallee.romain wrote: Thank you Ray for your anwser. But, when cas.tgc.maxAge=-1, it's doesn't affect TGC ticket and when i restart browser, TGC is not removed. I connect to my cas server : [https://lh3.googleusercontent.com/-dlX-g502DIw/Wpkpd4sWIqI/AAAAAAAAo5c/rCuzl_QSv5oV0Sx8OnddiLX17iWWp-uyACLcBGAs/s320/Jasig1.PNG]<https://lh3.googleusercontent.com/-dlX-g502DIw/Wpkpd4sWIqI/AAAAAAAAo5c/rCuzl_QSv5oV0Sx8OnddiLX17iWWp-uyACLcBGAs/s1600/Jasig1.PNG> Without rememberMe [https://lh3.googleusercontent.com/-aOkRN1tOc3c/WpkpllaSX8I/AAAAAAAAo5g/A8iDVManT5M2eWLtFv9ewg60_vNOZhAAgCLcBGAs/s320/Jasig2.PNG]<https://lh3.googleusercontent.com/-aOkRN1tOc3c/WpkpllaSX8I/AAAAAAAAo5g/A8iDVManT5M2eWLtFv9ewg60_vNOZhAAgCLcBGAs/s1600/Jasig2.PNG> SuccessFull I close my browser and i open. and i'm still connected [https://lh3.googleusercontent.com/-0TIWpc3Fq70/Wpkp4aIuVKI/AAAAAAAAo5k/XufMq6f-Mg8K9Tx7Bs1yW6oYF-Vzi6agwCLcBGAs/s320/Jasig2.PNG]<https://lh3.googleusercontent.com/-0TIWpc3Fq70/Wpkp4aIuVKI/AAAAAAAAo5k/XufMq6f-Mg8K9Tx7Bs1yW6oYF-Vzi6agwCLcBGAs/s1600/Jasig2.PNG> and yet my cas.tgc.maxAge value is -1 Le jeudi 1 mars 2018 18:44:49 UTC+1, rbon a écrit : To be clear, what do you mean by 'session'? CAS has a login session identified by the life of the TGT. Your application (service) has a session identified by whatever mechanism it chooses (probably a cookie). Your browser has a session with CAS identified by TGC. Each of these 'sessions' can expire without impact of any other. cas.tgc.maxAge=-1 only affects TGC and requires your browser to be closed (maybe even all windows). When the TGC is removed, no new SSO will take place (no way to recover TGT). When TGT expires, no new SSO will take place. To end your session on the service, you have to log out of the service or remove the cookies it sets (perhaps set its maxAge=-1). Ray On Thu, 2018-03-01 at 00:40 -0800, vallee.romain wrote: Thank you Rbon, I just try with maxage=-1 but session is stile alive without check rememberMe checkbox. and a cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 is generate .[https://lh3.googleusercontent.com/-M63S0VCpRro/Wpe8TY_fZiI/AAAAAAAAo4M/d-zmyCK5UsoeZ0IdQcZ7Jggt-j3ji-r8gCLcBGAs/s1600/Capture.PNG]<https://lh3.googleusercontent.com/-M63S0VCpRro/Wpe8TY_fZiI/AAAAAAAAo4M/d-zmyCK5UsoeZ0IdQcZ7Jggt-j3ji-r8gCLcBGAs/s1600/Capture.PNG> # cas.tgc.path= cas.tgc.maxAge=-1 # cas.tgc.domain= cas.tgc.name<http://cas.tgc.name>=TGC #cas.tgc.secure=false #cas.tgc.rememberMeMaxAge=1350000 cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4 cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A cas.tgc.cipherEnabled=true # #remember me 31 days in seconds # # Set to a negative value to never expire tickets cas.ticket.tgt.maxTimeToLiveInSeconds=25200 #cas.ticket.tgt.timeToKillInSeconds=7200 cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 May be it's a bug? Le mercredi 28 février 2018 18:24:17 UTC+1, rbon a écrit : Romain, You still need cas.tgc.maxAge=-1. No sure what the default is (may be a couple weeks) but setting a cookie maxAge to less than 0 will cause the cookie to be discarded by the browser when it closes. It will stay active in the browser as long as the browser is open, the lifetime of the CAS session can be managed with cas.ticket.tgt properties. Ray On Wed, 2018-02-28 at 00:27 -0800, vallee.romain wrote: Thank you all for your response. I'm surprised the TGC stays after the browser closes. For me, if we didn't check "Remember Me", we had authentication per session and not a cookie. cas.tgc.name<http://cas.tgc.name>=TGC #cas.tgc.secure=false #cas.tgc.rememberMeMaxAge=1350000 cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4 cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A cas.tgc.cipherEnabled=true # #remember me 31 days in seconds # # Set to a negative value to never expire tickets cas.ticket.tgt.maxTimeToLiveInSeconds=25200 #cas.ticket.tgt.timeToKillInSeconds=7200 cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000 This is my new configuration. but the TGC cookie still remains after the closing of the web browser. In version 4.2 of jasig, if we closed the browser, the session was no longer maintained. Le mardi 27 février 2018 17:23:57 UTC+1, rbon a écrit : Romain, I guess cas.tgc.remeberMeMaxAge overrides cas.tgc.maxAge. If you want your session to end when browser is closed, leave out cas.tgc.rememberMeMaxAge. Ray On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote: Hello, i try to setup jasig TGC for this use case : When i check rememberMe : 1 months without need to enter login.password When i don't check rememberme : 7 hours unless i close the brother . If i close the brother, i would like to have login/password prompte at next login. I think rememberMe if ok . But when i try to closed/open the brother, the session is already up . # cas.tgc.path= cas.tgc.maxAge=-1 # cas.tgc.domain= cas.tgc.name<http://cas.tgc.name>=TGC cas.tgc.secure=false cas.tgc.rememberMeMaxAge=1350000 cas.tgc.encryptionKey=xxxxxxxxxxx cas.tgc.signingKey=xxxxxxxxxxxxxxxxx cas.tgc.cipherEnabled=true # #remember me 31 days in seconds # # Set to a negative value to never expire tickets cas.ticket.tgt.maxTimeToLiveInSeconds=1350000 cas.ticket.tgt.timeToKillInSeconds=7200 cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000 ## #Throttled Timeout ## cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800 cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5 cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800 Have you got an idea ? Best regards Romain -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca<javascript:> -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1520269937.1811.0.camel%40uvic.ca.
