Excellent, thank you. Our ST expiration lifetime is too long.
On Friday, 4 March 2022 at 12:20:13 UTC petr.f...@gmail.com wrote:
> Hello,
> I think you should look into TGT/ST expiration and validation policies
>
Hello,
I think you should look into TGT/ST expiration and validation policies
https://apereo.github.io/cas/6.4.x/ticketing/Configuring-Ticket-Expiration-Policy.html
For example, setting
cas.ticket.st.number-of-uses=1
will make CAS invalidate the service ticket after one validation.
The lifetime of a service ticket is usually set pretty short-- 15 or 20
seconds max. Alice needs to leak her ST within that timeframe for it to be
valid, or else Bob should get an invalid ticket error at the client.
You may want to examine the ST lifetime and shorten it.
Thanks,
Carl Waldbieser
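Added example (not part of the original thread, and not CAS code): a simplified Python model of the two limits discussed above, a use count and a lifetime, showing what a client gets when a bookmarked ?ticket= URL is opened again. The class and function names, the ticket id and the timings are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class ServiceTicket:
    created_at: float
    uses: int = 0


class TicketRegistry:
    """Toy model of ST validation under a max-uses + max-age policy."""

    def __init__(self, number_of_uses, lifetime_seconds, clock):
        self.number_of_uses = number_of_uses      # cf. cas.ticket.st.number-of-uses
        self.lifetime_seconds = lifetime_seconds  # the ST lifetime
        self.clock = clock                        # injectable, so no real sleeping
        self.tickets = {}

    def issue(self, ticket_id):
        self.tickets[ticket_id] = ServiceTicket(created_at=self.clock())

    def validate(self, ticket_id):
        st = self.tickets.get(ticket_id)
        if st is None:
            return "INVALID_TICKET"
        too_old = self.clock() - st.created_at > self.lifetime_seconds
        used_up = st.uses >= self.number_of_uses
        if too_old or used_up:
            # Expired tickets are dropped so they can never validate again.
            del self.tickets[ticket_id]
            return "INVALID_TICKET"
        st.uses += 1
        return "SUCCESS"


def replay_bookmark(number_of_uses, lifetime_seconds, delay_seconds):
    """Validate once at login (t=1s), then again when the bookmark is opened."""
    now = [0.0]
    registry = TicketRegistry(number_of_uses, lifetime_seconds, lambda: now[0])
    registry.issue("ST-1-constructed")            # constructed ticket id
    now[0] = 1.0
    first = registry.validate("ST-1-constructed")
    now[0] = delay_seconds
    second = registry.validate("ST-1-constructed")
    return first, second


if __name__ == "__main__":
    print("single use, 10s:", replay_bookmark(1, 10, 5))
    print("5 uses, 8h     :", replay_bookmark(5, 28800, 3600))
    print("5 uses, 10s    :", replay_bookmark(5, 10, 3600))
```

Only the policy that allows several uses and a long lifetime lets the second validation succeed; either limit on its own is enough to reject the bookmarked ticket.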
Hello,
Just a heads up on this. After some debugging, I suspect there is an issue
somewhere after the attributes get loaded into attribute repository. That's
where List gets garbled into List and because
Group.toString() is not defined, the list gets filled with Java identifiers
of Group
Hi,
We have had a user complain about the behaviour of an application protected
by CAS single sign on.
The user Alice has logged into the application via the CAS login page, then
pressed back on their browser and bookmarked the URL with
https://example.com/?ticket=ST-344-adfafff..
Alice