Thank you Ray for your anwser. But, when cas.tgc.maxAge=-1, it's doesn't affect TGC ticket and when i restart browser, TGC is not removed.
I connect to my cas server : <https://lh3.googleusercontent.com/-dlX-g502DIw/Wpkpd4sWIqI/AAAAAAAAo5c/rCuzl_QSv5oV0Sx8OnddiLX17iWWp-uyACLcBGAs/s1600/Jasig1.PNG> Without rememberMe <https://lh3.googleusercontent.com/-aOkRN1tOc3c/WpkpllaSX8I/AAAAAAAAo5g/A8iDVManT5M2eWLtFv9ewg60_vNOZhAAgCLcBGAs/s1600/Jasig2.PNG> SuccessFull I close my browser and i open. and i'm still connected <https://lh3.googleusercontent.com/-0TIWpc3Fq70/Wpkp4aIuVKI/AAAAAAAAo5k/XufMq6f-Mg8K9Tx7Bs1yW6oYF-Vzi6agwCLcBGAs/s1600/Jasig2.PNG> and yet my cas.tgc.maxAge value is -1 Le jeudi 1 mars 2018 18:44:49 UTC+1, rbon a écrit : > > To be clear, what do you mean by 'session'? > > CAS has a login session identified by the life of the TGT. > Your application (service) has a session identified by whatever mechanism > it chooses (probably a cookie). > Your browser has a session with CAS identified by TGC. > > Each of these 'sessions' can expire without impact of any other. > cas.tgc.maxAge=-1 only affects TGC and requires your browser to be closed > (maybe even all windows). When the TGC is removed, no new SSO will take > place (no way to recover TGT). When TGT expires, no new SSO will take > place. To end your session on the service, you have to log out of the > service or remove the cookies it sets (perhaps set its maxAge=-1). > > Ray > > On Thu, 2018-03-01 at 00:40 -0800, vallee.romain wrote: > > Thank you Rbon, > > I just try with maxage=-1 > but session is stile alive without check rememberMe checkbox. > and a > cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 is generate . > <https://lh3.googleusercontent.com/-M63S0VCpRro/Wpe8TY_fZiI/AAAAAAAAo4M/d-zmyCK5UsoeZ0IdQcZ7Jggt-j3ji-r8gCLcBGAs/s1600/Capture.PNG> > > > > # cas.tgc.path= > cas.tgc.maxAge=-1 > # cas.tgc.domain= > cas.tgc.name=TGC > #cas.tgc.secure=false > #cas.tgc.rememberMeMaxAge=1350000 > cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4 > > cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A > cas.tgc.cipherEnabled=true > > # #remember me 31 days in seconds > # # Set to a negative value to never expire tickets > cas.ticket.tgt.maxTimeToLiveInSeconds=25200 > #cas.ticket.tgt.timeToKillInSeconds=7200 > cas.ticket.tgt.rememberMe.enabled=true > cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 > > > May be it's a bug? > > Le mercredi 28 février 2018 18:24:17 UTC+1, rbon a écrit : > > Romain, > > You still need cas.tgc.maxAge=-1. No sure what the default is (may be a > couple weeks) but setting a cookie maxAge to less than 0 will cause the > cookie to be discarded by the browser when it closes. It will stay active > in the browser as long as the browser is open, the lifetime of the CAS > session can be managed with cas.ticket.tgt properties. > > Ray > > On Wed, 2018-02-28 at 00:27 -0800, vallee.romain wrote: > > Thank you all for your response. > I'm surprised the TGC stays after the browser closes. > > For me, if we didn't check "Remember Me", we had authentication per > session and not a cookie. > > > cas.tgc.name=TGC > #cas.tgc.secure=false > #cas.tgc.rememberMeMaxAge=1350000 > cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4 > > cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A > cas.tgc.cipherEnabled=true > > # #remember me 31 days in seconds > # # Set to a negative value to never expire tickets > cas.ticket.tgt.maxTimeToLiveInSeconds=25200 > #cas.ticket.tgt.timeToKillInSeconds=7200 > cas.ticket.tgt.rememberMe.enabled=true > cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 > #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000 > > > This is my new configuration. > but the TGC cookie still remains after the closing of the web browser. > In version 4.2 of jasig, if we closed the browser, the session was no > longer maintained. > > > > Le mardi 27 février 2018 17:23:57 UTC+1, rbon a écrit : > > Romain, > > I guess cas.tgc.remeberMeMaxAge overrides cas.tgc.maxAge. > If you want your session to end when browser is closed, leave out > cas.tgc.rememberMeMaxAge. > > Ray > > On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote: > > Hello, > > i try to setup jasig TGC for this use case : > > When i check rememberMe : 1 months without need to enter login.password > > When i don't check rememberme : 7 hours unless i close the brother . If i > close the brother, i would like to have login/password prompte at next > login. > > > I think rememberMe if ok . > > But when i try to closed/open the brother, the session is already up . > > # cas.tgc.path= > cas.tgc.maxAge=-1 > # cas.tgc.domain= > cas.tgc.name=TGC > cas.tgc.secure=false > cas.tgc.rememberMeMaxAge=1350000 > cas.tgc.encryptionKey=xxxxxxxxxxx > cas.tgc.signingKey=xxxxxxxxxxxxxxxxx > cas.tgc.cipherEnabled=true > > # #remember me 31 days in seconds > # # Set to a negative value to never expire tickets > cas.ticket.tgt.maxTimeToLiveInSeconds=1350000 > cas.ticket.tgt.timeToKillInSeconds=7200 > cas.ticket.tgt.rememberMe.enabled=true > cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000 > cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000 > ## > #Throttled Timeout > ## > cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800 > cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5 > cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800 > > > > Have you got an idea ? > > Best regards > > Romain > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca <javascript:> > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/886248df-7caf-4755-93e1-47b26cec957f%40apereo.org.
