I would change the application and not do it via CAS. Changing the application session timeout to what they want. Because otherwise it will do a SSO session again, which will interrupt anything the end user is trying to do with the browser open for the past two days. So anything done via CAS won't give a good user experience.

________________________________
From: [email protected] <[email protected]> on behalf of Ray Bon <[email protected]>
Sent: Wednesday, July 27, 2022 4:34:56 PM
To: [email protected] <[email protected]>
Subject: Re: [cas-user] ideas for persistence login session

Pablo,

The long running pages could be added as a service with longer TGT life,
https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service

Ray

On Wed, 2022-07-27 at 12:16 -0700, Pablo Vidaurri wrote:

Currently CAS TGT is an 8hr session, ST is a 2hr session. Client is requesting to enable certain parts of their site (protected) to include a longer ST (for weeks) while maintaining a 2hr session for other secured parts like "Account/Profile".

I understand the application needs to change, but is there anything on the CAS side that I can do to help in this effort?

Would JWT help? When a user successfully logs in, issue a JWT good for 4 weeks with user's credentials. Now let's assume the TGT/ST are no longer valid and the user is trying to access part of the site where not logging is not required for days (protected area). The JWT would then be used to auto login the user. Achievable or pure abuse?

Also considered increasing the TGT TTL for weeks and creating separate services to define an AuthenticationDateRegisteredServiceSingleSignOnParticipationPolicy of 2hrs/8hrs, etc. but this means certain parts of the site need to be under specific URL patterns.

Any suggestions?

-psv

--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a5c8a9514a354884dd7a78daba1dba5272b9620f.camel%40uvic.ca.
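
A small model of the last option raised in the thread (a weeks-long TGT combined with a per-service limit on authentication age, matched by URL pattern), added here as an illustration; it is not part of the thread and not CAS's own code. The host name, URL patterns, lifetimes and the `sso_decision` function are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed values: one long-lived TGT, plus a per-service cap on how old
# the authentication may be before single sign-on is refused.
TGT_MAX_LIFETIME = timedelta(weeks=4)

# (hypothetical service URL pattern, maximum authentication age); first match wins,
# so the strict pattern must come before the catch-all. The account pattern also
# covers "?query" and "#fragment" forms; otherwise /account?tab=1 would fall
# through to the 4-week rule.
SERVICE_POLICIES = [
    (re.compile(r"^https://app\.example\.org/account([/?#].*)?$"), timedelta(hours=2)),
    (re.compile(r"^https://app\.example\.org/.*$"), timedelta(weeks=4)),
]


def sso_decision(service_url, authenticated_at, now):
    """Return 'reject', 'login', 'reauthenticate' or 'sso' for a service request."""
    max_age = next((age for rx, age in SERVICE_POLICIES if rx.match(service_url)), None)
    if max_age is None:
        return "reject"          # URL matches no registered service
    if authenticated_at is None or now - authenticated_at > TGT_MAX_LIFETIME:
        return "login"           # no TGT, or the TGT itself has expired
    if now - authenticated_at > max_age:
        return "reauthenticate"  # TGT still valid, but too old for this service
    return "sso"                 # issue a service ticket without prompting


if __name__ == "__main__":
    now = datetime(2022, 7, 27, 12, 0, tzinfo=timezone.utc)
    logged_in = now - timedelta(days=2)  # browser left open for two days
    for url in (
        "https://app.example.org/articles/42",
        "https://app.example.org/account/profile",
        "https://app.example.org/account?tab=security",
        "https://app.example.org/account-help",  # not under /account/: 4-week rule
        "https://other.example.net/",
    ):
        print(f"{url:48} -> {sso_decision(url, logged_in, now)}")
```

The `/account-help` case shows the constraint Pablo mentions: only content that actually lives under the strict URL pattern gets the short window, so the site layout has to follow the policy.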
