[cas-user] cas login throttling error with ticket expiration policy

Wed, 21 Sep 2011 10:16:39 -0700 

I configured login throttling per:
https://wiki.jasig.org/display/CASUM/Ticket+Expiration+Policy

 

Here is the config contents:

 

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans";

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

       xmlns:p="http://www.springframework.org/schema/p";

       xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>

        <description>

        Assignment of expiration policies for the different tickets
generated by CAS including ticket granting ticket (TGT), service ticket
(ST), proxy granting ticket (PGT), and proxy ticket (PT).

        These expiration policies determine how long the ticket they are
assigned to can be used and even how often they can be used before
becoming expired / invalid.

        </description>

 

        <!-- Expiration policies -->

        <bean id="serviceTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolic
y">

                <!-- This argument is the number of times that a ticket
can be used before its considered expired. -->

                <constructor-arg

                        index="0"

                        value="1" />

 

                <!-- This argument is the time a ticket can exist before
its considered expired.  -->

                <constructor-arg

                        index="1"

                        value="5000" />

        </bean>

        <bean id="grantingTicketExpirationPolicy"

 
class="org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPoli
cy"

              p:timeToKillInMilliSeconds="7200000"

              p:timeInBetweenUsesInMilliSeconds="2000"

        />

</beans>

 

 

 

When I put this policy in place, I get the following errors when trying
to proxyValidate the ST.  I did try setting the policy for longer and
was able to force the TGT to expire pre-maturely by authenticating a
service too quickly.  I don't understand why the
throttleUseAndTimeoutExpirationPolicyy is failing during ST validation.

 

Cas.log contents:

2011-09-21 12:03:13,154 WARN
[org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy] -
Ticket is expired due to the time being less than the waiting period.

2011-09-21 12:03:13,156 WARN
[org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy] -
Ticket is expired due to the time being less than the waiting period.

 

-John


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to