I didn't add to this that the proxyValidate call fails the ST validation so the client isn't able to complete the authentication.
I would really like to implement this and am wondering if I am missing something. -John From: Ourada, John [mailto:[email protected]] Sent: Wednesday, September 21, 2011 12:15 PM To: [email protected] Subject: [cas-user] cas login throttling error with ticket expiration policy I configured login throttling per: https://wiki.jasig.org/display/CASUM/Ticket+Expiration+Policy Here is the config contents: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:p="http://www.springframework.org/schema/p"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd <http://www.springframework.org/schema/beans%20http:/www.springframework .org/schema/beans/spring-beans-2.0.xsd> "> <description> Assignment of expiration policies for the different tickets generated by CAS including ticket granting ticket (TGT), service ticket (ST), proxy granting ticket (PGT), and proxy ticket (PT). These expiration policies determine how long the ticket they are assigned to can be used and even how often they can be used before becoming expired / invalid. </description> <!-- Expiration policies --> <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolic y"> <!-- This argument is the number of times that a ticket can be used before its considered expired. --> <constructor-arg index="0" value="1" /> <!-- This argument is the time a ticket can exist before its considered expired. --> <constructor-arg index="1" value="5000" /> </bean> <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPoli cy" p:timeToKillInMilliSeconds="7200000" p:timeInBetweenUsesInMilliSeconds="2000" /> </beans> When I put this policy in place, I get the following errors when trying to proxyValidate the ST. I did try setting the policy for longer and was able to force the TGT to expire pre-maturely by authenticating a service too quickly. I don't understand why the throttleUseAndTimeoutExpirationPolicyy is failing during ST validation. Cas.log contents: 2011-09-21 12:03:13,154 WARN [org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy] - Ticket is expired due to the time being less than the waiting period. 2011-09-21 12:03:13,156 WARN [org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy] - Ticket is expired due to the time being less than the waiting period. -John -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
