I am looking for clarification on the timeout dependency chain on the
ST/TGT/ProxyTickets.

My limited understanding of the sequence of events is (happy path... not the
unhappy one):

    User Hits a CAS protected page for the first time
    User is redirected to the CAS login page
    User Credentials are submitted to CAS
    CAS generates a TGT
    CAS generates a ST
    CAS authenticates USER
    ST is validated 
    User is redirected to the original URL

Now, the user is merrily skipping along through the application...

   User accesses a service that requires a proxy ticket
   The application uses the TGT to grab a proxy ticket
   Proxy ticket is supplied to the service
   The service validates the PT 
   User is happy and continues skipping along through the app

Let's say the Service Ticket times out, i.e. the SSO session expires.
  
   The user accesses a service that requires a proxy ticket
   The application attempts to use the TGT to acquire a proxy ticket. 
   When the SSO session expires, all associated tickets are expired as well, correct?
   The user will be asked to log in again and a new ST and TGT will be provided by CAS.
   It is the application's responsibility to manage this scenario.


Default Service SSO session expiration time == TGT expiration time?

Final question:

   Proxy Ticket is granted.
   TGT expires before Proxy Ticket is used
   Proxy Ticket is invalid and the service being proxied will not validate the PT?

Thanks,

Dean

-- 
View this message in context: 
http://www.nabble.com/Looking-for-Clarification-on-ST-TGT-ProxyTicket-timeouts-tp24275776p24275776.html
Sent from the CAS Users mailing list archive at Nabble.com.

