You're correct its because of the TGT that they aren't prompted for their credentials again.
You can either change the TGT expiration time (or even the # of times it can be used) or tell the application to use renew=true which forces re-authentication each time. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, Jul 28, 2008 at 8:23 AM, Li Wei Nan <[EMAIL PROTECTED]> wrote: > Thank you Scott. In our application we set the application-scope session > timeout to half a hour. But after the application-scope session get timeout, > the users get redirected to CAS, and then it seems CAS login for them > automatically (not asking them to enter loginname and password again) and > redirect back to application. We deduce that is because TGC is not expired > so the login info is still on the CAS server? Or it's not concerned with CAS > at all, and maybe some application-scope cookies are affecting it(We are > trying to figure it out but still haven't made any progress)? > Thanks for help! > > Best Regards, > - Li Wei Nan > > > > > > On Jul 28, 2008, at 7:50 PM, Scott Battaglia wrote: > > CAS doesn't maintain any per-application time outs. Session management of > the applications is left up to the applications themselves. The timeout for > ServiceTickets is merely the length of time they are valid for (thus if you > tried to validate it after the timeout, it would fail). The timeout doesn't > correlate to any session. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Mon, Jul 28, 2008 at 1:25 AM, Li Wei Nan <[EMAIL PROTECTED]> wrote: > >> Hi All, >> I need to set the user expiration time individually on each connected >> service. I know that setting the ServiceTicket and GrantingTicket expiration >> time on CAS can control it in baseline. >> But are there any methods that I could set it individually on each >> service? Such as set user login expiration time on APP1 to 10s, and on APP2 >> to 2hours? >> >> I've tried using ajax to call 'cas logout' for user, but it's ugly. >> >> Thanks! >> - Li Wei Nan >> >> >> >> >> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
