And what I'm saying is that a Service Ticket SHOULD NOT live any longer than one use or a certain timeout period (which is the default configuration). If it lives any longer than that, that's A VERY BAD THING. They're designed for one use and then they expire. If they live longer than that one use they can be replayed, which, again, is A VERY BAD THING. You should never give anyone an opportunity to use a Service Ticket more than once.
If you're okay with the security implication then your method should work for you (I'm guessing it does since you're recommending it ;-)).

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jun 25, 2008 at 9:34 AM, Axel Mendoza Pupo <[EMAIL PROTECTED]> wrote:

> Again, I am not saying that the tickets will never expire, I'm saying that
> the tickets will never be expired by CAS. I will expire the tickets when the
> apps send me the info to expire them (the tickets will be expired and deleted
> from DefaultTicketRegistry). DefaultTicketRegistry is accessible because it is
> declared as a bean, and I can declare a property in another class of type
> TicketRegistry and set the bean ticketRegistry that is mapped in
> ticketRegistry.xml. The apps will send me some messages, which I explained in
>
> http://10.0.0.32/exchweb/bin/redir.asp?URL=http://tp.its.yale.edu/pipermail/cas/2008-June/008682.html
> to do a synchronized logout on all apps on the system
>
> -Axel
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
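A minimal model of the one-use-plus-timeout rule discussed in this thread, added here as an illustration; it is not part of the original messages and is not CAS's own code. The class name, the 10-second timeout, the fake clock and the service URLs are assumptions made for the example.

```python
import secrets
import time


class ServiceTicketStore:
    """Toy in-memory model of one-use, short-lived service tickets."""

    def __init__(self, ttl_seconds=10.0, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._tickets = {}  # ticket id -> (service, issued_at)

    def grant(self, service):
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = (service, self.clock())
        return ticket

    def validate(self, ticket, service):
        # pop() removes the ticket on the first validation attempt, whether
        # or not that attempt succeeds, so a captured ticket cannot be
        # presented a second time.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return "rejected: unknown or already used"
        issued_for, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            return "rejected: expired"
        if issued_for != service:
            return "rejected: wrong service"
        return "ok"


def demo():
    now = [0.0]  # constructed fake clock so the timeout can be shown offline
    store = ServiceTicketStore(ttl_seconds=10.0, clock=lambda: now[0])
    svc = "https://app.example.org/"  # constructed service URL
    results = []
    st = store.grant(svc)
    results.append(store.validate(st, svc))     # first use
    results.append(store.validate(st, svc))     # replay of the same ticket
    stale = store.grant(svc)
    now[0] += 11                                # move past the timeout
    results.append(store.validate(stale, svc))  # never used, but too old
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A registry that keeps a ticket alive until an application asks for its removal drops the `pop()` step, which is exactly the window in which the second `validate()` call above would succeed.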
