Yan, The TGT stays on the cas server and the ticket storage system. It stores the user session details. The TGC is sent to the browser. It is just an identifier for cas to find a TGT. The ST is just an identifier and stores no info.
See https://apereo.github.io/cas/6.2.x/planning/Security-Guide.html#protocol-ticket-encryption, for encryption options. Ray On Thu, 2020-11-19 at 14:07 -0800, Yan Zhou wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, is there any user info. being stored in TGT and ST? I would think so, I see Authentication being part of TGT. Due to some security policy, we are asked whether we need to encrypt TGT and ST, because there is User Auth info., it sounds like we should encrypt it. Does that sound right? Thanks, Yan -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deb5afb7a6b220f397a4c69b09a0adbafcd82812.camel%40uvic.ca.
