On Tue, 11 Nov 2014, jeffrey tan wrote:
well, my probems are solved. the root cause of that is my
custom SavedRequestAwareAuthenticationSuccessHandler, so there is no
problems with the CAS4. is my client app.
However how to set the lifecycle of the service ticket? or give some hints
where should i study?
I don't know if it is the same in CAS 4, but in CAS 3.5.2 the
cas.properties file contains:
##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay
attacks, default is 10s. You'll want to
# increase this timeout if you are manually testing service ticket
creation/validation via tamperdata or similar tools
#st.timeToKillInSeconds=10
You can also alter the number of uses for the ST in the
ticketExpirationPolices.xml file.
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
