If you're interested in understanding how things work, my recommendation is to read: http://www.jasig.org/cas/protocol
It pretty much explains everything. If you have questions after reading that, please let us know.

Cheers,
Scott

On Tue, Jun 30, 2009 at 1:02 PM, deanhe01 <[email protected]> wrote:
>
> I am looking for clarification on the timeout dependency chain on the ST/TGT/ProxyTickets
>
> My limited understanding of the sequence of events is (happy path...not the unhappy one):
>
> User Hits a CAS protected page for the first time
> User is redirected to the CAS login page
> User Credentials are submitted to CAS
> CAS generates a TGT
> CAS generates a ST
> CAS authenticates USER
> ST is validated
> User is redirected to the original URL
>
> Now, the user is merrily skipping along through the application...
>
> User accesses a service that requires a proxy ticket
> The application uses the TGT to grab a proxy ticket
> Proxy ticket is supplied to the service
> The service validates the PT
> User is happy and continues skipping along through the app
>
> Let's say the Service Ticket times out i.e. the SSO session expires.
>
> The user accesses a service that requires a proxy ticket
> The application attempts to use the TGT to acquire a proxy ticket.
> When the SSO session expires, all associated tickets are expired as well, correct?
> The user will be asked to log in again and a new ST and TGT will be provided by CAS. It is the application's responsibility to manage this scenario.
>
> Default Service SSO session expiration time == TGT expiration time?
>
> Final question:
>
> Proxy Ticket is granted.
> TGT expires before Proxy Ticket is used
> Proxy Ticket is invalid and the service being proxied will not validate the PT?
>
> Thanks,
>
> Dean
>
> --
> View this message in context: http://www.nabble.com/Looking-for-Clarification-on-ST-TGT-ProxyTicket-timeouts-tp24275776p24275776.html
> Sent from the CAS Users mailing list archive at Nabble.com.
