Dan, The sliding window for TGT is affected by proxy ticket requests. Even if you do not have a proxied service, this could still limit the number of applications a user logs in to.
Are you trying to limit the number of times the TGT can be used or limit the number of times one particular application can renew its session before requiring a password prompt? If the latter, perhaps adding the counter to the cas client and then have the login request send the 'renew' parameter, which will force login. Or, adding it to the service definition. Both of these options would require many code changes. Ray On Fri, 2020-04-03 at 15:56 -0400, Daniel Ellentuck wrote: I'd like to add a MaximumNumberOfUses condition to org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy, which establishes a sliding expiration window for the TGT. I don't see anything that does exactly that. Did I miss something? (I'm currently using 5.3.x, but this seems consistent across all modern versions.) If not, I can submit a PR. Thanks, Dan Dan Ellentuck Columbia University I.T. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8e1f54fed3a33973654cde120d84cd88b7515716.camel%40uvic.ca.
