So something like this : )
The throttled timeout policy extends the TimeoutExpirationPolicy <https://wiki.jasig.org/display/CASUM/Ticket+Expiration+Policy#TicketExpirationPolicy-TimeoutExpirationPolicy> with the concept of throttling where a ticket may be used at most every N seconds. This policy was designed to thwart denial of service conditions where a rogue or misconfigured client attempts to consume CAS server resources by requesting high volumes of service tickets in a short time.

That makes a whole lot of sense. Thanks, Scott!

From: Scott Battaglia [mailto:[email protected]]
Sent: Tuesday, September 13, 2011 10:47 AM
To: [email protected]
Subject: Re: [cas-user] Interesting Problem: too many successful logins

There's actually different expiration policies for TGTs that can prevent that. I would take a look at them if you have not. Though I'm also surprised the browser didn't stop that insanity!

On Tue, Sep 13, 2011 at 11:44 AM, Ourada, John <[email protected]> wrote:

We ran into a problem over the weekend and yesterday where a single user was able to affect performance of our current production CAS server (3.4.6 on Tomcat 6.0.28 on Windows). We haven't moved to our new HA setup using Linux and Terracotta : (.

An external organization is working with us to provide services to our Library and students and we are using CAS for the authentication component. The organization had a really, really bad bug in their software that caused them to fail the validation and send the client back to us for authentication. The client was actually authenticated and so was sent back to the organization with a new ServiceTicket. This happened really fast... I logged 20K STs for this user in under 10 minutes yesterday alone.

I see where I can throttle UNsuccessful login attempts, but what about successful ones : ).
-john

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
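To see what the throttled timeout policy quoted at the top of this thread would do to the redirect loop John describes, the following added example (not part of the original messages and not CAS source code) replays a constructed burst of 20,000 service-ticket requests over 10 minutes against a model of the policy as the wiki text describes it. The 5-second interval, the 2-hour idle timeout, the class and function names, and the choice to refuse a throttled request without resetting the clock are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class Ticket:
    last_used_ms: int   # time of creation or of the last granted use
    uses: int = 0

@dataclass
class ThrottledTimeoutPolicy:
    """Model of the policy as the wiki text describes it; not CAS source code."""
    idle_timeout_ms: int   # timeout part: ticket dies after this much inactivity
    min_interval_ms: int   # throttle part: the "N seconds" between uses

    def verdict(self, ticket: Ticket, now_ms: int) -> str:
        elapsed = now_ms - ticket.last_used_ms
        if elapsed >= self.idle_timeout_ms:
            return "expired"
        # The first use right after login is never throttled (assumption).
        if ticket.uses > 0 and elapsed < self.min_interval_ms:
            return "throttled"
        return "ok"

def replay(policy, request_times_ms, login_ms=0):
    """Replay service-ticket requests made with one TGT; count each verdict."""
    tgt = Ticket(last_used_ms=login_ms)
    counts = {"ok": 0, "throttled": 0, "expired": 0}
    for now in request_times_ms:
        result = policy.verdict(tgt, now)
        counts[result] += 1
        if result == "expired":
            break              # the session is over; the user must log in again
        if result == "ok":     # assumption: only granted uses reset the clock
            tgt.last_used_ms = now
            tgt.uses += 1
    return counts

# Constructed input: 20,000 requests spread evenly over 10 minutes (one per 30 ms),
# approximating the redirect loop reported in the thread.
LOOP_BURST_MS = [i * 30 for i in range(20_000)]

TWO_HOURS_MS = 2 * 60 * 60 * 1000
timeout_only = ThrottledTimeoutPolicy(TWO_HOURS_MS, min_interval_ms=0)
throttled = ThrottledTimeoutPolicy(TWO_HOURS_MS, min_interval_ms=5_000)

if __name__ == "__main__":
    print("timeout only:", replay(timeout_only, LOOP_BURST_MS))
    print("throttled   :", replay(throttled, LOOP_BURST_MS))
```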
