Niral,
Here is a handy blog, https://fawnoos.com/2022/07/22/cas66-ui-themes/
Ray
On Fri, 2023-06-16 at 12:08 +0000, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Hello Ray,
As I am upgrading from 6.5.9 to 6.6.8 As we are using custom login page UI. I
have to do few changes in src folder. I have below code in
src/main/resources/templates/layouts.html.
<link rel="stylesheet" type="text/css"
th:href="@{#{webjars.fontawesomemin.css}}"/>
I would like to add webjars dependency in build.gradle. I did not find any
sample for this. Please help! As webjars not finding this it is displaying
blank page instead of custom login page.
Thank you
Niral
From: [email protected] <[email protected]> On Behalf OfRay Bon
Sent: Tuesday, June 6, 2023 12:32 PM
To: [email protected]
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies -
CAS 6.5
WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM.
DO NOT CLICK links / attachments unless you know that the content is safe! For
suspicious emails, report using the Phish Alert Report button on the upper left
of your email. For marketing/SPAM emails, delete.
Niral,
That version is VERY old. I suggest you use or upgrade to the latest version.
See https://apereo.github.io/cas/developer/Maintenance-Policy.html
It is possible that the properties you have do not work with that old version.
You should be using the overlay instead of the main cas project
https://github.com/apereo/cas-overlay-template
The main cas project is for developers.
See https://fawnoos.com/2022/08/06/cas66-gettingstarted-overlay/
Your application should not be calling to cas on a page refresh (unless it has
a proxy dependency - which I will assume it does not). Once logged in, your
application should set its own session lifetime - independent of cas. Cas is
not an application session manager; it is an SSO manager. The timeouts you have
been asking about are SSO session timeouts.
Ray
On Mon, 2023-06-05 at 18:25 +0000, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Ray,
When you say 'on that page for a few mins', what page are you talking about? –
webpage of our app which is integrated with CAS login.
If I login from this page or refresh this page, it is creating new ticket and I
can see that on logs.
I am using this repo: GitHub - apereo/cas at
5.3.x<https://github.com/apereo/cas/tree/5.3.x>
Thank you,
Niral
From: [email protected]<mailto:[email protected]>
<[email protected]<mailto:[email protected]>>On Behalf OfRay Bon
Sent: Monday, June 5, 2023 12:51 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies -
CAS 6.5
WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM.
DO NOT CLICK links / attachments unless you know that the content is safe! For
suspicious emails, report using the Phish Alert Report button on the upper left
of your email. For marketing/SPAM emails, delete.
Niral,
Ticket expiration is built in, nothing to include.
When you say 'on that page for a few mins', what page are you talking about?
Ray
On Mon, 2023-06-05 at 13:21 +0000, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Ray,
You are correct, I am doing these steps
Post your cas.ticket.tgt.* config and the steps that you are performing.
I just tested with 6.5.9 and can confirm that these settings work:
cas.ticket.tgt.primary.max-time-to-live-in-seconds=301
cas.ticket.tgt.primary.time-to-kill-in-seconds=120
Are there any dependencies I have to add or extra properties. Or Do I need to
enable any other ticketing properties in configs?
One more question:
cas.ticket.tgt.primary.time-to-kill-in-seconds=120, for this even server is
active/issuing new tickets, does session expire after 120 sec?
I don’t want it to expire if I am on that page for few mins, it is just keep
expiring session even there is activity. Can you please send me link for repo
you are using?
Thank you,
Niral
From: [email protected]<mailto:[email protected]>
<[email protected]<mailto:[email protected]>>On Behalf OfRay Bon
Sent: Friday, June 2, 2023 4:35 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies -
CAS 6.5
WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM.
DO NOT CLICK links / attachments unless you know that the content is safe! For
suspicious emails, report using the Phish Alert Report button on the upper left
of your email. For marketing/SPAM emails, delete.
Niral,
Perhaps I am misunderstanding what it is that you are doing.
Post your cas.ticket.tgt.* config and the steps that you are performing.
I just tested with 6.5.9 and can confirm that these settings work:
cas.ticket.tgt.primary.max-time-to-live-in-seconds=301
cas.ticket.tgt.primary.time-to-kill-in-seconds=120
Ray
On Fri, 2023-06-02 at 17:30 +0000, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Thank you Ray,
I notice even I issue new ticket and keep server busy/active, it is still
killing session instead of expanding session. I am using CAS 6.5.9
What is best scenario to test this or some logs or setting I need to add.
Thank you,
Niral
From: [email protected]<mailto:[email protected]>
<[email protected]<mailto:[email protected]>>On Behalf OfRay Bon
Sent: Wednesday, May 31, 2023 12:31 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies -
CAS 6.5
WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM.
DO NOT CLICK links / attachments unless you know that the content is safe! For
suspicious emails, report using the Phish Alert Report button on the upper left
of your email. For marketing/SPAM emails, delete.
Niral,
A refresh of the cas page may not be enough. You may have to get cas to issue a
new ST [to a different application]. The service does not have to be real, just
added to the service registry.
Use this type of url to get cas to go through the login process and issue a ST.
https://cas.host/cas/login?service=https://madeup.service<https://dev.uvic.ca/cas/login?service=https%3A%2F%2Fdemocasclientdev.uvic.ca%2Fdemocasclient%2Fcallback%3Fclient_name%3DCasClient>
Ray
On Wed, 2023-05-31 at 13:39 +0000, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Hello Ray,
Thank you for reply. This is very useful.
cas.ticket.tgt.primary.max-time-to-live-in-seconds=240
cas.ticket.tgt.primary.time-to-kill-in-seconds=180
These are the setting and for testing I am following these steps.
I am login with cas credentials to web page, after login refresh page every
10second or so for about three mins, I am getting authenticate message and I am
logged in in web page. That means cas server is not idle and in cas logs I can
see ‘Authentication event occurred ’ .So even after server is not idle and with
activity , page is getting logout screen after three mins as we set
cas.ticket.tgt.primary.time-to-kill-in-second=180.
These settings work as expected if server is idle, but not with if server is
not idle.
Not able to find why this is happening.
Thank you,
Niral
From: [email protected]<mailto:[email protected]>
<[email protected]<mailto:[email protected]>>On Behalf OfRay Bon
Sent: Tuesday, May 30, 2023 2:09 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies -
CAS 6.5
WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM.
DO NOT CLICK links / attachments unless you know that the content is safe! For
suspicious emails, report using the Phish Alert Report button on the upper left
of your email. For marketing/SPAM emails, delete.
Niral,
TGT is for life of cas login session, not application session. I am not sure if
cas can send logouts to services when TGT expires - that would create strange
issues in the client applications.
These settings will allow cas session length to increase beyond 30m only if
user logs in to other services or visits cas to refresh a service, etc. (The
values are in seconds. I seem to recall that the minimum value is 2m.)
cas.ticket.tgt.primary.max-time-to-live-in-seconds=some-value-greater-than-1800
cas.ticket.tgt.primary.time-to-kill-in-seconds=1800
For viewing the reports, some additional info can be found,
https://apereo.github.io/cas/6.5.x/monitoring/Monitoring-Statistics.html
Ray
On Tue, 2023-05-30 at 08:30 -0700, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Hello,
I would like to set, if server is idle/no activity for 30 mins, users should
automatically logoutand session should expire.
If there is activity user stay login without logout.
I tried to set these two properties in .properties file but it still logout
user even if there is activity.
management.endpoint.ticketExpirationPolicies.enabled=true
management.endpoints.web.exposure.include=ticketExpirationPolicies
cas.ticket.tgt.primary.max-time-to-live-in-seconds=120
cas.ticket.tgt.primary.time-to-kill-in-seconds=30
I also added decency -
implementation"org.apereo.cas:cas-server-support-reports:${project.'cas.version'}"
from CAS - Configuring Ticket Expiration Policy Components
(apereo.github.io)<https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html>
Please any advice.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e277ae05ca27972c7ce1e418db33325a81338311.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/e277ae05ca27972c7ce1e418db33325a81338311.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/393206864cf874d7758a2abc5b68ae89151345a9.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/393206864cf874d7758a2abc5b68ae89151345a9.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google
Groups "CAS Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/a/apereo.org/d/topic/cas-user/M-hrAO4jo3w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/52ae00b8afd0b859887659f70094d323109a5710.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/52ae00b8afd0b859887659f70094d323109a5710.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20ca731a0cea05c993d5d002b8fb4ad4ab196448.camel%40uvic.ca.
