Hello, I have a single CAS server v3.4.11 and a handful of clients (mostly apache mod_auth_cas v1.0.8; some CAS [java] Client; and phpCAS).
The CAS server v3.4.11 is using a default configuration. I _think_ this is how it works. Please confirm/correct : 1) does the default CAS server configuration support 'single sign on'? 2) the first time a browser sucessfully authenticates with the CAS server, the server creates a TGT for the user, and sends it to the browser. The browser can use that TGT thereafter to authenticate to any other service using the CAS client until the TGT expires or the browser destroys it's copy of the TGT. Is that correct? 3) where does the CAS server store the valid TGT information? 4) the bean id="grantingTicketExpirationPolicy" (defined by default in the spring-configuration/ticketExpirationPolicies.xml file) is the amount of time which the TGT can go unused before it expires. Is that correct? 5) when does a browser re-use the TGT? Every time it needs a new Service Ticket, or only when the TGT expires? 6) when does a browser need a Service Ticket? For every cas-protected URL it visits? 7) a Service Ticket expires by default in 5 minutes (defined in the web.xml). Is that correct? Thanks much, Jon -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
