I'm still investigating but yes, we have the Surrogate/Impersonation
overlay. To allow a TGT timeout of 8 hours, I had to also set
cas.authn.surrogate.tgt.timeToKillInSeconds to 8 hours. Things now behave
like I would expect. Not sure how that's different from
cas.ticket.tgt.maxTimeToLiveInSeconds/cas.ticket.tgt.timeToKillInSeconds.
-ds
On Wednesday, December 9, 2020 at 6:47:11 PM UTC-5 Ray Bon wrote:
> David,
>
> I searched the cas code base and it does not exist.
> It does show up in one build output (that I did not set),
> api/cas-server-core-api-configuration-model/build/classes/java/main/META-INF/spring-configuration-metadata.json:
>
> {
>   "name" : "cas.authn.surrogate.tgt.time-to-kill-in-seconds",
>   "type" : "java.lang.Long",
>   "description" : "Timeout in seconds to kill the surrogate session and consider tickets expired.",
>   "defaultValue" : 1800,
>   "hints" : {
>     "keyHints" : [ ],
>     "keyProviders" : [ ],
>     "valueHints" : [ ],
>     "valueProviders" : [ ]
>   },
>   "deprecated" : false
> }
>
> Are you using a surrogate session?
>
> Ray
>
> On Wed, 2020-12-09 at 13:41 -0800, Dave Steiner wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> I'm also seeing this ttl of 1800 seconds when adding the TGT to the
> Hazelcast ticket registry. Not sure where that's coming from. While the
> timing doesn't quite match up, could that be causing my problems?
>
> cas-2020-12-09-11-1.log:2020-12-09 11:29:44,143 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket [TGT-1-*************************************************foM3FNjNe43BFTFn-0localhost] with ttl [1800s]>
>
> cas-2020-12-09-11-1.log:2020-12-09 11:29:44,147 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Added ticket [975f2d9f54c0975a5e75c074a12a2d2f30e3c1409c725b13717be556da9a11bb09d14f7a1b1c9a043e85393f00342a6e45b6d722eb36e96476de2bfc190d4f7a] with ttl [1800s]>
>
> On Tuesday, December 8, 2020 at 11:42:02 PM UTC-5 Dave Steiner wrote:
>
> Here's the debug logs I see when I have to reauthenticate:
>
> 2020-12-08 23:35:28,117 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [TGT-2-*************************************************qqSZUWoYpA00N5K2yklocalhost] to [8ac82aa3ae3ce4640e87268ff25f1f2d2680907d891413e6231a66dcdf9f8a9787741cd9e292d766f3cf62612cf474ff6203803af11e12bf23259698598888aa]>
> 2020-12-08 23:35:28,117 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [ticketGrantingTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TicketGrantingTicketImpl, prefix=TGT, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=ticketGrantingTicketsCache, storageTimeout=10800, storagePassword=null), order=2147483647)]>
> 2020-12-08 23:35:28,117 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [ticketGrantingTicketsCache]>
> 2020-12-08 23:35:28,123 WARN [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket passed is null and cannot be decoded>
>
> and then
>
> 2020-12-08 23:35:28,139 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue Dec 08 23:35:28 EST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue Dec 08 23:35:28 EST 2020
> CLIENT IP ADDRESS: 172.29.220.74
> SERVER IP ADDRESS: dev-cas.rutgers.edu
> =============================================================
>
> >
> 2020-12-08 23:35:28,140 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [TGT-2-*************************************************qqSZUWoYpA00N5K2yklocalhost] to [8ac82aa3ae3ce4640e87268ff25f1f2d2680907d891413e6231a66dcdf9f8a9787741cd9e292d766f3cf62612cf474ff6203803af11e12bf23259698598888aa]>
> 2020-12-08 23:35:28,140 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [ticketGrantingTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TicketGrantingTicketImpl, prefix=TGT, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=ticketGrantingTicketsCache, storageTimeout=10800, storagePassword=null), order=2147483647)]>
> 2020-12-08 23:35:28,140 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [ticketGrantingTicketsCache]>
> 2020-12-08 23:35:28,146 WARN [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket passed is null and cannot be decoded>
> 2020-12-08 23:35:28,147 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [TGT-2-*************************************************qqSZUWoYpA00N5K2yklocalhost] to [8ac82aa3ae3ce4640e87268ff25f1f2d2680907d891413e6231a66dcdf9f8a9787741cd9e292d766f3cf62612cf474ff6203803af11e12bf23259698598888aa]>
> 2020-12-08 23:35:28,147 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [ticketGrantingTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TicketGrantingTicketImpl, prefix=TGT, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=ticketGrantingTicketsCache, storageTimeout=10800, storagePassword=null), order=2147483647)]>
> 2020-12-08 23:35:28,147 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [ticketGrantingTicketsCache]>
> 2020-12-08 23:35:28,153 WARN [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket passed is null and cannot be decoded>
> 2020-12-08 23:35:28,154 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: TGT-2-*************************************************qqSZUWoYpA00N5K2yklocalhost
> ACTION: TICKET_GRANTING_TICKET_DESTROYED
> APPLICATION: CAS
> WHEN: Tue Dec 08 23:35:28 EST 2020
> CLIENT IP ADDRESS: 172.29.220.74
> SERVER IP ADDRESS: dev-cas.rutgers.edu
> =============================================================
>
> >
>
>
> On Friday, December 4, 2020 at 3:44:18 PM UTC-5 Dave Steiner wrote:
>
> The usual "expire when the browser is closed".
>
> On Wednesday, December 2, 2020 at 5:31:12 PM UTC-5 Ray Bon wrote:
>
> Dave,
>
> What is the expiry time on the TGC in your browser?
>
> Ray
>
> On Wed, 2020-12-02 at 14:25 -0800, Dave Steiner wrote:
>
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
>
>
>
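An added example, not part of the thread and not CAS code: a small check that reads the `Adding ticket ... with ttl [Ns]` DEBUG records from `HazelcastTicketRegistry` and reports tickets stored with a TTL other than the one the deployment intends, which is how the 1800-second surrogate default showed up above. The function names, the sample log lines and the expected 8-hour value are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the HazelcastTicketRegistry DEBUG lines quoted
# in the thread; ticket ids are placeholders, and the second record is
# hard-wrapped the way mail clients and terminals wrap long log lines.
SAMPLE_LOG = """\
2020-12-09 11:29:44,143 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket [TGT-1-EXAMPLE-0localhost] with ttl [1800s]>
2020-12-09 11:31:02,010 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket
[TGT-2-EXAMPLE-0localhost]
with ttl [28800s]>
2020-12-09 11:31:05,200 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket [ST-3-EXAMPLE-0localhost] with ttl [10s]>
"""

# \s+ also matches newlines, so wrapped records are still recognised.
ADDING = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+DEBUG\s+"
    r"\[org\.apereo\.cas\.ticket\.registry\.HazelcastTicketRegistry\]\s+-\s+"
    r"<Adding ticket\s+\[(?P<ticket>[^\]]+)\]\s+with ttl\s+\[(?P<ttl>\d+)s\]>"
)


def stored_ttls(log_text):
    """Return (timestamp, ticket prefix, ttl seconds) for each 'Adding ticket' record."""
    return [(m["ts"], m["ticket"].split("-", 1)[0], int(m["ttl"]))
            for m in ADDING.finditer(log_text)]


def ttl_mismatches(log_text, expected):
    """Return records whose stored TTL differs from the expected seconds for that prefix."""
    return [(ts, prefix, ttl, expected[prefix])
            for ts, prefix, ttl in stored_ttls(log_text)
            if prefix in expected and ttl != expected[prefix]]


if __name__ == "__main__":
    # Assumed policy: the 8-hour TGT lifetime discussed in the thread.
    for ts, prefix, ttl, want in ttl_mismatches(SAMPLE_LOG, {"TGT": 8 * 3600}):
        print(f"{ts} {prefix} stored with ttl {ttl}s, expected {want}s")
```

Ticket prefixes missing from the expected map are ignored, so service tickets do not raise noise unless a value is supplied for them.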