Hi everyone, I want to start this new message to get some clarity on how to solve my current issue. I posted a different message with part of my issue, and Andy helped me understand that I cannot achieve what I am looking for.

My requirement is: there are 3 applications which are using my CAS server. All 3 applications have a session timeout of 20 mins, i.e. 20 minutes of idle time will invalidate the session. A user accesses app1, gets the CAS login page, provides credentials, and a TGT gets created; he is now logged in. From app1, there is a link to access app2. Since the TGT is valid, he can smoothly navigate between app1 and app2 without providing credentials again.

If I set my TGT expiration timeout to 60 mins, the TGT will expire in 60 mins and my user, who is actively using both app1 and app2 without any idle time, will be prompted to re-login, which users are not going to like.

Let's say I set the TGT to never expire. Then the TGT will be valid in the browser while the user left the sessions idle and they timed out. I will implement a filter to capture any further activity on the app1 and app2 sessions and redirect to logout. Let's just say the user forgot to log out from a public computer and hoped that the session would time out anyway. An unauthorized user who captures the same browser window could simply type the URL for app3 from that browser window. He can bypass the step of getting the TGT destroyed and is now able to use the authentication of the original user to use app3.

Is there a better way to handle this? Please help.

Thanks
Madhavi

-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

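The timeline Madhavi describes can be checked against candidate TGT lifetime policies in a small model. The following is an added illustration written for this page, not CAS code and not from the original post. It assumes, as a modelling simplification, that every access to a CAS-protected application refreshes the TGT's last-used time (a service-ticket request), that time is measured in minutes, and that an expired TGT forces a credential prompt. Besides the two policies in the post (hard 60-minute expiry, never expire) it evaluates a third, hypothetical sliding policy: an idle timeout aligned with the applications' 20-minute session timeout plus a long hard cap, so the model also shows how a sliding expiration behaves for both the active user and the unattended browser.

```python
"""Model of how a CAS-style ticket-granting ticket (TGT) lifetime policy
interacts with the idle timeouts of the applications behind it.

Constructed illustration, not CAS code. Assumptions: each application access
goes through the SSO server and refreshes the TGT's last-used time; time is
in minutes; an expired TGT means the person at the browser is prompted to log in.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TGT:
    created_at: float
    last_used_at: float


@dataclass
class ExpirationPolicy:
    # Hard cap measured from creation; None = unlimited.
    max_lifetime: Optional[float] = None
    # Sliding window measured from the last use; None = unlimited.
    idle_timeout: Optional[float] = None

    def is_expired(self, tgt: TGT, now: float) -> bool:
        if self.max_lifetime is not None and now - tgt.created_at >= self.max_lifetime:
            return True
        if self.idle_timeout is not None and now - tgt.last_used_at >= self.idle_timeout:
            return True
        return False


def simulate(policy: ExpirationPolicy,
             accesses: List[Tuple[float, str]]) -> List[Tuple[float, str, bool]]:
    """Replay SSO accesses against a policy.

    Returns (time, label, login_required) per access. When the TGT is expired,
    a credential prompt is recorded and a fresh TGT is issued (the legitimate
    user re-logs in; an unauthorized person at the browser is stopped here).
    """
    tgt = TGT(created_at=0.0, last_used_at=0.0)  # initial login at minute 0
    results = []
    for now, label in accesses:
        if policy.is_expired(tgt, now):
            results.append((now, label, True))
            tgt = TGT(created_at=now, last_used_at=now)
        else:
            tgt.last_used_at = now
            results.append((now, label, False))
    return results


# Constructed timeline: the user works in app1/app2 every 5 minutes for 90
# minutes with no idle gap, walks away at minute 90 without logging out, and
# someone else types the app3 URL into the same browser at minute 120.
ACTIVE_USE = [(float(t), "app1/app2") for t in range(5, 95, 5)]
UNATTENDED = [(120.0, "app3 (unattended browser)")]
TIMELINE = ACTIVE_USE + UNATTENDED

POLICIES = {
    "hard 60 min": ExpirationPolicy(max_lifetime=60),
    "never expires": ExpirationPolicy(),
    # Hypothetical sliding policy: idle timeout matching the apps' 20 minutes,
    # plus an 8-hour hard cap so a TGT cannot live forever.
    "idle 20 min + 8 h cap": ExpirationPolicy(max_lifetime=480, idle_timeout=20),
}


def evaluate(policy_name: str) -> Tuple[int, bool]:
    """Return (re-login prompts during active use, unattended access blocked)."""
    results = simulate(POLICIES[policy_name], TIMELINE)
    prompts = sum(1 for _, label, relogin in results if label == "app1/app2" and relogin)
    blocked = results[-1][2]
    return prompts, blocked


if __name__ == "__main__":
    for name in POLICIES:
        prompts, blocked = evaluate(name)
        print(f"{name:24s} re-login prompts during active use: {prompts}, "
              f"unattended app3 access blocked: {blocked}")
```

Running the model reproduces the two problems in the post: the hard 60-minute policy interrupts the continuously active user once at minute 60 yet does block the unattended access, while the never-expire policy never interrupts the user but leaves the abandoned browser authenticated to app3. The sliding policy in the model does both, because the TGT's idle window runs out with the application sessions; whether that holds in a real deployment depends on the assumption that app accesses refresh the TGT.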