Both are generally handled via 'gateway=true'. In the past, we had discussions on allowing having CAS clients, the Java client at least, send out heartbeat signals to keep the TGT alive, but that's all I recall.
> -----Original Message----- > From: Christian Rohmann [mailto:[email protected]] > Sent: Tuesday, June 16, 2015 9:19 AM > To: [email protected] > Subject: [cas-user] re-validation of an ST and TGT-extention without > redirecting the user to CAS login page? > > Hello cas-users, > > I got a two services working with CAS SSO. But as a service ticket (ST) is > only valid for the actual log-in and a very short time, I was wondering how > one should approach two things: > > 1) re-validate the user is still logged into CAS, a.k.a. has a valid TGT > having a much shorter application session lifetime than the TGT lifetime > might be. > (This completely ignores the fact that one could simply do support Single- > Log Out (SLO) for the service so CAS can invalidate old TGTs.) > > 2) extending the lifetime of the TGT through activity in one (or more > services) but without sending the user to the CAS login page again? > Should one simply embed a request to the CAS webserver into every service > website so the user-agent does requests to CAS from time to time? Maybe via > a simple AJAX request? How does one throttle those requests then? > > > > I have seen the diagram on > https://jasig.github.io/cas/development/installation/Logout-Single- > Signout.html > but am still wondering if a user would not expect to still be logged in > (valid TGT) after being active for some time in one service for a while, > somehow "showing" activity. > > Of course one could argue that switching between services occasionally and > therefor ending up being redirected to CAS should be enough to maintain the > TGT, but imagine a rather short TGT lifetime (sliding window, so expecting > activity) and a user being active in an long lived application like an > groupware or a soft phone. If the user shows some sort of activity where, > extending the TGT and therefor staying logged is what the user would expect. > > > > > Regards > > Christian > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
