> Thanks for the clarification; and if I only want to set a maximum > lifetime, > ignoring when last used, I guess I'd set them to be equal (as long as TTL > >= > TTK)?
You'd want to use the HardTimeoutExpirationPolicy instead: https://wiki.jasig.org/display/CASUM/Ticket+Expiration+Policy > -----Original Message----- > From: Tom Poage [mailto:[email protected]] > Sent: Friday, August 9, 2013 2:31 PM > To: [email protected] > Subject: Re: [cas-user] ticketRegistryCleaner > > On 08/09/2013 02:22 PM, Marvin S. Addison wrote: > > You should configure both cache expiration/eviction semantics and CAS > > ticket expiration policy. For service tickets it's pretty easy to > > configure both such that they're semantically equivalent; set the TTL > > on the cache entry to equal the absolute expiration period of a > > ticket. For ticket-granting tickets, on the other hand, you can > > implement more complex policies than that of a simple cache entry TTL. > > If you're using the default sliding expiration policy for TGTs, then > > you'd want the cache TTL to equal the maximum lifetime of a ticket. > > The sliding window should be substantially less than the maximum > > lifetime; for example 8h maximum and 2h sliding window. > > Thanks for the clarification; and if I only want to set a maximum > lifetime, > ignoring when last used, I guess I'd set them to be equal (as long as TTL > >= > TTK)? > > > st.timeToKillInSeconds=X > > tgt.maxTimeToLiveInSeconds=Y > > tgt.timeToKillInSeconds=Y > > Cf. TicketGrantingTicketExpirationPolicy.java > > > public boolean isExpired(final TicketState ticketState) { > > // Ticket has been used, check maxTimeToLive (hard window) > > if ((System.currentTimeMillis() - ticketState.getCreationTime() > > >= > maxTimeToLiveInMilliSeconds)) { > > if (log.isDebugEnabled()) { > > log.debug("Ticket is expired due to the time since > > creation being > greater than the maxTimeToLiveInMilliSeconds"); > > } > > return true; > > } > > > > // Ticket is within hard window, check timeToKill (sliding > > window) > > if ((System.currentTimeMillis() - ticketState.getLastTimeUsed() > > >= > timeToKillInMilliSeconds)) { > > if (log.isDebugEnabled()) { > > log.debug("Ticket is expired due to the time since last > > use being > greater than the timeToKillInMilliseconds"); > > } > > return true; > > } > > > > return false; > > } > > Thanks. > Tom. > > > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
