John,

Timeout has higher priority than Default.
timeout.maxTimeToLiveInSeconds is a more general approach (an application like 
a webmail client, that hits CAS every 10m when it checks for new mail, will 
keep the TGT alive while the tab is open).

The two settings in Default, maxTimeToLiveInSeconds and timeToKillInSeconds, 
provide for the timeout sliding window but have a hard stop at 
maxTimeToLiveInSeconds. (With this approach, the webmail app will require a new 
login after maxTimeToLiveInSeconds.)

In my previous response, I incorrectly stated the behaviour.

https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#tgt-expiration-policy
says that to disable a policy, set its value to 0 or less.
Maybe by setting timeout.maxTimeToLiveInSeconds, it forces 
maxTimeToLiveInSeconds to -1 and this value gets sent to memcache.

The similarly named fields are quite confusing (I got caught this morning). 
Perhaps it would be clearer if timeout.maxTimeToLiveInSeconds and 
timeToKillInSeconds were named sessionTimeToLiveInSeconds, since they refer to 
the length of time the session will live after the last time the TGT was used.

Ray

On Mon, 2020-06-01 at 18:35 +0200, John Bond wrote:
Hi Ray,

Thanks for the response however ...

On Mon, Jun 1, 2020 at 6:16 PM Ray Bon <r...@uvic.ca> wrote:
John,

https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticket-Expiration-Policy.html

timeout.maxTimeToLive... is a hard timeout. The other is a 'must be used within 
this time' to be valid. If the TGT is used within this window, the validity 
will extend by that time up to timeout.maxTimeToLive...
View Task<https://phabricator.wikimedia.org/T245771>


I thought that was the difference between cas.ticket.tgt.maxTimeToLiveInSeconds 
and cas.ticket.tgt.maxTimeToLiveInSeconds i.e.

  * cas.ticket.tgt.timeToKillInSeconds
    - If cas has seen no access from a user in this time kill the ticket
  * cas.ticket.tgt.maxTimeToLiveInSeconds
    - Regardless of anything always kill the ticket after this timeout
  * cas.ticket.tgt.timeout.maxTimeToLiveInSeconds
    - ???

If not, what does cas.ticket.tgt.timeToKillInSeconds control?

Thanks

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
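
The two behaviours described at the top of this message (idle timeout only, versus idle window with a hard stop), modelled as an added example. This is not CAS code and not from the thread's participants; the function names, the 2h/8h values and the 24h horizon are constructed for illustration.

```python
# Model of the two TGT expiration behaviours described in this thread.
# Illustrative only: names are hypothetical and this is not CAS source code.
from dataclasses import dataclass

@dataclass
class Tgt:
    created: int    # seconds, time of login
    last_used: int  # seconds, last time the TGT was used

def timeout_expired(tgt, now, timeout_max_ttl):
    """timeout.maxTimeToLiveInSeconds: only idle time since last use counts."""
    return now - tgt.last_used > timeout_max_ttl

def default_expired(tgt, now, max_ttl, time_to_kill):
    """Default policy: idle window (timeToKillInSeconds) that slides on use,
    with a hard stop at maxTimeToLiveInSeconds counted from creation."""
    return now - tgt.created > max_ttl or now - tgt.last_used > time_to_kill

def last_successful_use(expired, poll_every, horizon):
    """Simulate a client (the webmail tab) using the TGT every `poll_every`
    seconds; return the time of the last use that was still accepted."""
    tgt = Tgt(created=0, last_used=0)
    last_ok = 0
    for now in range(poll_every, horizon + 1, poll_every):
        if expired(tgt, now):
            break
        tgt.last_used = now  # each accepted use slides the idle window
        last_ok = now
    return last_ok

# Constructed sample values (assumptions, not taken from the thread).
TIME_TO_KILL = 2 * 3600   # idle window
MAX_TTL = 8 * 3600        # hard stop
POLL = 600                # webmail checks every 10 minutes
HORIZON = 24 * 3600       # simulate one day

def run():
    sliding = last_successful_use(
        lambda t, n: timeout_expired(t, n, TIME_TO_KILL), POLL, HORIZON)
    capped = last_successful_use(
        lambda t, n: default_expired(t, n, MAX_TTL, TIME_TO_KILL), POLL, HORIZON)
    return sliding, capped

if __name__ == "__main__":
    sliding, capped = run()
    print(f"timeout policy: TGT still accepted at {sliding}s (whole horizon)")
    print(f"default policy: TGT last accepted at {capped}s (hard stop)")
```

With a 10-minute poll, the timeout model keeps the session alive for the whole simulated day, while the default model forces a new login once the hard stop passes, regardless of activity.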
