When I implement the ThrottledUseAndTimeoutExpirationPolicy on grantingTicketExpirationPolicy bean, I hit the problem
https://groups.google.com/forum/#!topic/jasig-cas-user/bMZd0IwBr-I Is it solved in recent release? It is weird that ThrottledUseAndTimeoutExpirationPolicy is only for TGT and why it is checked on ST validation. -Ken On Sun, Oct 7, 2012 at 4:17 AM, Scott Battaglia <[email protected]> wrote: > You can control the usage of the TGT (and thus creation of STs) with a > custom expiration policy (if the existing one doesn't meet your needs) > > > On Wed, Sep 26, 2012 at 2:06 AM, Ken LAI <[email protected]> wrote: >> >> Do you know if there is mechanism in CAS server side to throttle a >> misbehaved casclient application that looped between user browser and >> the CAS application? Service tickets are continuous to generate but >> no consumption by the application, and redirect the browsers to obtain >> ST for the application again. >> >> The idea is that if we can set a threshold of ST generation within a >> certain time period for the same client IP and service URL, we can >> deny the access when it is over. >> >> Regards, >> -Ken >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
