Adam, Proxy Granting tickets *are* reused. Service providers get a PGT during proxy validation, and then can use them to request proxy tickets multiple times. Proxy Tickets (PTs) are one use only, just like service tickets (STs).
The current protocol spec [1] states (section 3.3.1) "Proxy-granting tickets MUST expire when the client whose authentication is being proxied logs out of CAS." Thanks, Carl Waldbieser ITS System Programmer Lafayette College [1] http://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html ----- Original Message ----- From: "Adam Causey" <[email protected]> To: [email protected] Sent: Friday, January 23, 2015 12:10:19 PM Subject: Re: [cas-user] CAS Client Proxy distributed cache size I'd still like to know: Are Proxy Granting Tickets reused, or are they one time use only? > > If PGTs are reused, how long do they last before purged? > On Fri, Jan 23, 2015 at 10:07 AM, Adam Causey <[email protected]> wrote: > I originally was going with ehcache since there is a TicketStorage > implementation already available, but then realized how easy it would be to > create my own Hazelcast version. So I'm going to go with that instead, > which should make things much easier. > > We're using hazelcast with great success in our CAS server installation, > and I'm impressed with it's ability to work so well with minimal > configuration. > > > > On Thu, Jan 22, 2015 at 4:25 PM, Paul B. Henson <[email protected]> > wrote: > >> > From: Adam Causey >> > Sent: Thursday, January 22, 2015 10:57 AM >> > >> > I am setting up a CAS proxy on a client that is clustered and am using >> the >> > ehcache clustering option to distribute the PGTs between nodes. >> >> Personally I would recommend the Hazelcast clustering option over the >> ehcache mechanism… Any particular reason you are going with ehcache? >> >> -- >> Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ >> Operating Systems and Network Analyst | [email protected] >> California State Polytechnic University | Pomona CA 91768 >> >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
