> Having a short timeout on the service tickets would mitigate that > vulnerability. Service tickets should really be consumed within seconds of > generation.
+1 The default 5 minute service ticket timeout far too long for a good security/usability compromise. We should consider reducing it to 10s or less since that is an eternity for most environments, even under load, where CAS is deployed. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
