[cas-user] Re: per-service cas.saml-core.skew-allowance?

Wed, 15 Mar 2023 20:25:49 -0700 

Hi Baron,

We are running CAS version 6.5.9 and I was able to set a skew allowance 
value per service as follows:
{
   "@class" : "org.apereo.cas.services.RegexRegisteredService",
   "serviceId" : "^https://.*";,
   "name" : "Sample",
   "id" : 10,
   "skewAllowance": 40
}

Note: Setting a negative  *skewAllowance* value will not work in 6.5.9 du 
to a bug (fixed in 6.6.x)

Hope this helps.

Thanks
Olivier Begon
ITS -  Florida State University

On Tuesday, March 14, 2023 at 4:17:27 PM UTC-4 baron wrote:

> On a CAS 6.5 system, we're trying to troubleshoot a problem with one of 
> our CAS clients applications. One experiment we'd like to try is to 
> increase cas.saml-core.skew-allowance from its default 30s to perhaps 40s. 
>
> Ideally we'd like to try this on a per-service basis to limit the scope of 
> the change, but I don't see an example of this in the documentation at <
> https://apereo.github.io/cas/6.5.x/protocol/SAML-Protocol.html#configuration
> >
>
> Perhaps something like:
>
> {
>     "@class" : "org.apereo.cas.services.RegexRegisteredService",
>     "serviceId" : "^https://.*";,
>     "name" : "Sample",
>     "id" : 10,
>     "notSureWhatIdentifierToUseHere": {
>       "@class": " 
> org.apereo.cas.configuration.model.support.saml.SamlCoreProperties",
>       "skew-allowance": PT40S
>     }
> }
>
> This was modeled from the example for 
> cas.ticket.st.time-to-kill-in-seconds at <
> https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service>.
>  
> However, assuming this is possible, I don't know what would be appropriate 
> where I have the placeholder "notSureWhatIdentifierToUseHere".
>
> -- 
> Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0c5da7ec-19f2-4d1f-9583-59c6a7d95c9an%40apereo.org.

Reply via email to