Hi! I have seen the information you seek... but cannot seem to find it again :) Anyway, as long as you change the time to live variable in the TGC (Ticket granting cookie) you should be able to controll how long the user can have the SSO ability.
Christian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Ortman Sent: 3. juli 2007 14:36 To: Yale CAS mailing list Subject: CAS session expiration -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I feel as though this question is really basic, but for some reason, I can't seem to find answers (maybe my Googlefoo is just weak...). Is there some configuration setting in the CAS service where I can specify the equivalent of: "Once users authenticate, they will have SSO capabilities for a maximum of X minutes before they will be forced to reauthenticate to CAS." I would love to force that expiration timeout to be 9 hours so that at least if some user leaves their browser open over night, and they try to go to some CAS enabled site, they would need to reauthenticate. I don't like the idea that an open browser can provide unlimited CAS logins to all of our apps accidentally. Obviously individual applications would also need to expire their sessions, but for our important in-house applications, we've already done this, but this is currently being defeated by CAS. Thanks in advance for the two-by-clue tapping I'm sure to receive. - -- Paul Ortman PGP Key: 55602C81 - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGikKvfw8KGlVgLIERArYDAKCT85mn3UzxsL/EKXzZoTkfSq5oqwCdFkTv hdqbE+PncrxwREEYSGUDQVE= =Ylry -----END PGP SIGNATURE----- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
