Actually just the request; the reason for this is a previous bug.

While we were testing with the simple F5 (refresh) test, we seemed to be
getting a database error after 150 tickets. The blob for the registered
service in the TGT was too big to be saved to the database. This again gave
some errors with single log out...
So we switched the key from ticket to service (map<ticket,service> to
map<service,ticket>); we always keep our newest ticket and delete the old
one. This solved our problem, and none of the systems had any problems with
this new solution.

Kind regards,

Danny


dale77 wrote:
> 
> 
> Does your solution use the number of unvalidated tickets over a timeframe
> or just the number of tickets requested over a timeframe for abuse
> detection?
> 
> As long as the ticket is validated by the client, it should not count for
> abuse. Applications which choose to not maintain their own session, and
> rely on a ticket for every request will become "abusers" unless ticket
> validation decrements the use count.
> 
> 
> Danny B. wrote:
>> 
>> Solution:
>> New table with following values:
>> Ticket Granting Ticket id, RegisteredService, TimeStamp,
>> #timesUsedSinceTimeStamp, 
>> 
>> TimeStamp: This is set every x amount of seconds/minutes
>> 
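>> pseudo code
>> <code>
>> if (TimeStamp > (currentTime - measurementTime)) {
>>     // still inside the current measurement window: count this use
>>     RegisteredService.timesUsedSinceTimeStamp += 1;
>> }
>> else {
>>     // window expired: start a new window and restart the count
>>     TimeStamp = currentTime;
>>     RegisteredService.timesUsedSinceTimeStamp = 1;
>> }
>> if (RegisteredService.timesUsedSinceTimeStamp > X) {
>>     redirect to ErrorPage
>>     REPORT TO ADMIN
>> }
>> 
>> // X: the maximum number of uses within a certain time frame
>> </code>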
>> 
>> I am planning to implement this solution this week.
>> The source code will be posted.
>> 
>> I would just like to hear your advice, on how to implement this solution.
>> So you don't have to change much, if you want to import it in cas. <==
>> goal
>> 
>> Kind regards,
>> 
>> Danny
>> 
> 
> 
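
The counter proposed in the thread, combined with the suggestion that ticket validation should decrement the use count, as an added Java example that is not code from CAS or from either poster. The class name `TicketAbuseGuard`, its method names, the limits and the service URLs are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
// Hypothetical class, not part of CAS: fixed-window counter per (TGT, service).
public class TicketAbuseGuard {
    private static final class Window {
        long start; int unvalidated;
        Window(long start) { this.start = start; }
    }
    private final Map<String, Window> windows = new HashMap<>();
    private final long measurementMillis; // measurementTime in the pseudocode
    private final int maxUnvalidated;     // X in the pseudocode

    public TicketAbuseGuard(long measurementMillis, int maxUnvalidated) {
        this.measurementMillis = measurementMillis;
        this.maxUnvalidated = maxUnvalidated;
    }

    // Call before issuing a service ticket; false means "error page and report to admin".
    public synchronized boolean allowGrant(String tgtId, String service, long now) {
        Window w = windows.computeIfAbsent(tgtId + "|" + service, k -> new Window(now));
        if (now - w.start >= measurementMillis) {
            w.start = now;       // window expired: start a new one
            w.unvalidated = 0;   // and restart the count
        }
        if (w.unvalidated >= maxUnvalidated) return false;
        w.unvalidated++;
        return true;
    }

    // Call when the service validates its ticket: validated tickets do not count as abuse.
    public synchronized void onValidated(String tgtId, String service) {
        Window w = windows.get(tgtId + "|" + service);
        if (w != null && w.unvalidated > 0) w.unvalidated--;
    }

    public static void main(String[] args) {
        TicketAbuseGuard guard = new TicketAbuseGuard(60_000, 3); // constructed limits
        long t = 1_000;
        // Constructed case 1: application without its own session, validates every ticket.
        for (int i = 0; i < 10; i++) {
            System.out.println("validating app " + i + ": " + guard.allowGrant("TGT-1", "https://app.example/a", t += 100));
            guard.onValidated("TGT-1", "https://app.example/a");
        }
        // Constructed case 2: redirect loop, tickets requested but never validated.
        for (int i = 0; i < 5; i++) {
            System.out.println("looping service " + i + ": " + guard.allowGrant("TGT-1", "https://app.example/b", t += 100));
        }
    }
}
```

Counting only unvalidated tickets keeps a session-less application under the limit while a refresh or redirect loop that never validates is cut off once it reaches the limit. The map in this sketch is never pruned, so entries would need to be dropped when the TGT expires.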
