John, https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticket-Expiration-Policy.html
timeout.maxTimeToLive... is a hard timeout. The other is a 'must be used within this time' to be valid. If the TGT is used within this window, the validity will extend by that time up to timeout.maxTimeToLive... Ray On Mon, 2020-06-01 at 08:09 -0700, John Bond wrote: Hello All, In out config we set both cas.ticket.tgt.timeout.maxTimeToLiveInSeconds and cas.ticket.tgt.maxTimeToLiveInSeconds to the same value believing theses where the same and made a note to validate this with this group[1]. That later step never happened and the config remained. however today i tried to implement memcache as the ticket store and i noticed via tcpdump that CAS was setting the memcache value with an expiry time of -1, this effectively means don't cache so when CAS tries to fetch the ticket it doesn't exist. Checking my logs i notice the following debug messages which seemed confusing 2020-06-01 14 05 44,597 DEBUG [org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder] - <Ticket-granting ticket expiration policy is based on a timeout of [604800] seconds> 2020-06-01 14 05 44,599 DEBUG [org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder] - <Final effective time-to-live of ticket-granting ticket expiration policy is [9223372036854775807] seconds> memcache only supports an int for the expiry however the final value we have is 9223372036854775807, my assumption is that this at some point this gets coalesced down to -1. however i'm curious why the final value is not 604800. Looking at the code i see that when setting `cas.ticket.tgt.timeout.maxTimeToLiveInSeconds` the final timeout value comes from TimeoutExpirationPolicy.java which always returns Long.MAX_VALUE[1]. When setting only `cas.ticket.tgt.maxTimeToLiveInSeconds` the timeout value comes from TicketGrantingTicketExpirationPolicy.java which returns `this.maxTimeToLiveInSeconds` which is the value i would expect. The logic that makes this choice is in TicketGrantingTicketExpirationPolicyBuilder.java With this in mind could someone explain the difference between the two config items or point me to further documentation. Further it seems that the use of cas.ticket.tgt.timeout.maxTimeToLiveInSeconds is not currently compatible with memcache. We are running CAS 6.5.1 on debian buster, let me know if further information is required. Thanks [1]https://github.com/apereo/cas/blob/v6.1.5/core/cas-server-core-tickets-api/src/main/java/org/apereo/cas/ticket/expiration/builder/TicketGrantingTicketExpirationPolicyBuilder.java#L63-L98 [2]https://github.com/apereo/cas/blob/v6.1.5/core/cas-server-core-tickets-api/src/main/java/org/apereo/cas/ticket/expiration/TimeoutExpirationPolicy.java#L74 [3]https://github.com/apereo/cas/blob/v6.1.5/core/cas-server-core-tickets-api/src/main/java/org/apereo/cas/ticket/expiration/builder/TicketGrantingTicketExpirationPolicyBuilder.java#L70-L73 -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb37f20f7525dd1ebee05de7e10bb7833107c4d6.camel%40uvic.ca.