Hi Jason,

On Wed, Oct 17, 2012 at 3:08 PM, Jason Whitener <[email protected]> wrote:
> We are in the early research stages of deploying cas at our college.
> In talking with another school, one of their headaches comes from
> dealing with multiple different timeout values across applications and
> cas.
>
> I'll try to summarize what the other school was telling me:
>
> Since the cas authentication has a timeout value, and the application
> has a timeout value, users become confused if, say, they started a
> session in one application, used up half the cas timeout value, went
> into another casified application, and then were timed out early
> because the cas session from the prior application ended.
>
> Is that a mis-configuration issue or a real issue that cas admins have
> to contemplate? If it is a real issue, what are some of the best
> practices around dealing with discrepant timeout values across
> multiple applications?

Slides 6-9 try to get at this issue a bit:
https://wiki.jasig.org/download/attachments/45450793/Best+practices+in+deploying+CAS+-+Jasig+2011.pdf?version=1&modificationDate=1306898180388

The main thing to keep in mind is that application sessions (and their respective timeouts) and the CAS WebSSO session are independent. In terms of the best practices about configuration, it really depends on your particular use cases and the expected user experience. The defaults in 3.5 are for the WebSSO session to time out if the user hasn't interacted with the CAS server within 2 hours (e.g. clicked on an SSO link) or an 8-hour max session time is reached.

Best,
Bill Thompson
Unicon

>
> thank you,
>
> Jason Whitener
> Portland Community College
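
Added example, not part of the original messages and not CAS code: a simplified Python model of the independence described in the reply, replaying one user's clicks against a WebSSO session (2 hour idle, 8 hour maximum, as quoted for 3.5) and per-application sessions. The application names, their idle timeouts and the click times are constructed assumptions, and single sign-out is not modeled.

```python
from dataclasses import dataclass

H = 3600
SSO_IDLE = 2 * H   # 3.5 default quoted in the reply: 2 hours without touching CAS
SSO_MAX = 8 * H    # 3.5 default quoted in the reply: 8 hour maximum session time

@dataclass
class SsoSession:
    created: int
    last_used: int

    def valid(self, now: int) -> bool:
        # Sliding idle window plus a hard cap, both measured on the CAS server only.
        return now - self.last_used <= SSO_IDLE and now - self.created <= SSO_MAX

def replay(events, app_idle):
    """Replay (time_s, app) requests; return what the user experiences at each one."""
    sso, app_last, seen = None, {}, []
    for now, app in events:
        last = app_last.get(app)
        if last is not None and now - last <= app_idle[app]:
            # Local session still live: CAS is never contacted, so its idle clock keeps running.
            seen.append("app session ok")
        elif sso is not None and sso.valid(now):
            sso.last_used = now   # the redirect to CAS counts as interaction
            seen.append("silent SSO")
        else:
            sso = SsoSession(created=now, last_used=now)
            seen.append("login prompt")
        app_last[app] = now
    return seen

# Constructed sample: hypothetical applications, idle timeouts and click times.
APP_IDLE = {"portal": 1 * H, "mail": 4 * H, "lms": 1 * H}
TIMELINE = [
    (0, "portal"), (H // 2, "portal"), (1 * H, "mail"), (5 * H // 2, "mail"),
    (7 * H // 2, "mail"), (11 * H // 3, "lms"), (23 * H // 6, "portal"),
]

if __name__ == "__main__":
    for (t, app), result in zip(TIMELINE, replay(TIMELINE, APP_IDLE)):
        print(f"{t / H:4.2f}h  {app:7s} {result}")
```

In this timeline the user is continuously active in the mail application, yet opening the third application at 3h40 produces a login prompt, because the last contact with the CAS server was at 1h00.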
