Some additional links for your review:
CAS protocol: http://www.jasig.org/cas/protocol
CAS Ticket Expiration Policy: https://wiki.jasig.org/display/CASUM/Ticket+Expiration+Policy

-Misagh

From: Nicolas Geraud [mailto:[email protected]]
Sent: Thursday, August 23, 2012 12:01 PM
To: [email protected]
Cc: [email protected]; [email protected]
Subject: Re: [cas-user] Expiration Policy

thx for this explanation. I haven't found a wiki page that explains the basics... I missed something?

On Thursday, August 23, 2012 20:18:31 UTC+2, Jérôme LELEU wrote:

Hi,

You have two sessions: your web application session and the SSO session.

As long as your web app session lasts, the CAS client will not redirect the user back to the CAS server. When your web session is expired, the CAS client sends the user back to the CAS server, which checks if the SSO session is expired. If expired, the login page is displayed for re-authentication. If not expired, the user is redirected back to the application with a service ticket which is used by the CAS client to validate it against the CAS server and initialize the security context.

Service tickets (ST) and granting tickets (TGT) are very different.

TGT: cookie, reusable, long lived information = SSO session
ST: parameter in URL, used once, 1 TGT for n ST, short lived information = access to an application.

Best regards,
Jérôme

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
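
The two-session flow described in the thread above, as an added example that is not part of the original messages and is not CAS server or client code. The class names, the fixed lifetimes and the single-browser `WebApp` are assumptions made for illustration; a real deployment takes its timeouts from the ticket expiration policy linked at the top.

```python
import secrets

TGT_TTL = 8 * 3600   # assumed SSO session lifetime (seconds)
ST_TTL = 10          # assumed service ticket lifetime (seconds)
APP_TTL = 1800       # assumed web application session lifetime (seconds)

class CasServer:
    """Toy ticket registry: one TGT (SSO session) can issue many STs."""
    def __init__(self):
        self.tgts = {}   # tgt id -> (user, expiry)
        self.sts = {}    # st id -> (user, service, expiry)

    def login(self, user, now):
        tgt = "TGT-" + secrets.token_hex(8)
        self.tgts[tgt] = (user, now + TGT_TTL)
        return tgt       # sent to the browser as a cookie

    def grant_st(self, tgt, service, now):
        user, expiry = self.tgts.get(tgt, (None, 0))
        if user is None or now >= expiry:
            self.tgts.pop(tgt, None)
            return None  # SSO session expired: show the login page
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (user, service, now + ST_TTL)
        return st        # returned as a URL parameter on the redirect

    def validate(self, st, service, now):
        # pop() makes the ticket single-use: a replay finds nothing.
        user, svc, expiry = self.sts.pop(st, (None, None, 0))
        return user if user and svc == service and now < expiry else None

class WebApp:
    """CAS client side for one browser; its session is independent of the TGT."""
    def __init__(self, cas, service):
        self.cas, self.service, self.session = cas, service, None

    def request(self, tgt_cookie, now):
        if self.session and now < self.session[1]:
            return "app-session"          # no round trip to CAS
        st = self.cas.grant_st(tgt_cookie, self.service, now)
        user = self.cas.validate(st, self.service, now) if st else None
        if user is None:
            self.session = None
            return "login-page"           # re-authentication required
        self.session = (user, now + APP_TTL)
        return "sso-redirect"             # new ST validated, session rebuilt
```
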
