Thank you for replying, Misagh, Instructure's Canvas (LMS) oddly links session timeouts to CAS' Ticket Expiration Policy. So, as I understand it, with the default Ticket Expiration Policy of 2 hours, Canvas sessions are automatically logging out users because Instructure chose to tie their Canvas-user session limits to CAS tickets. I had to increase the value in cas.properties to the following in order for the Canvas session to remain open for 4 hours:
cas.ticket.tgt.timeToKillInSeconds=14400 Interestingly, none of our other SSO-enabled applications work this way, i.e., tickets may expire, but users remains logged in. After working with Support, they suggested I considered modifying this Per Service ( https://apereo.github.io/cas/6.3.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service, "The expiration policy of ticket granting tickets can be conditionally decided on a per-application basis." { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://.*", "name" : "Sample", "id" : 10, "ticketGrantingTicketExpirationPolicy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy", "maxTimeToLiveInSeconds": 5 } } This seemed logical enough, but I haven't tested. Besides, this appears to be a 6.x thing and not 5.2. Is there a workaround for 5.2.x where I can just increase this value for Canvas, I assume in services: cas.ticket.tgt.timeToKillInSeconds=14400 "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://canvas... Thanks a lot. Bill On Friday, March 5, 2021 at 11:23:45 AM UTC-6 Misagh Moayyed wrote: > There exists no such thing. What do you ultimately wish to accomplish with > this setting? > > Often what you really should be doing is modifying the application itself > to manage its own session for 8 hours. CAS is not a session manager, and > generally has no say when it comes to the application session. > > > > On Friday, March 5, 2021 at 12:17:52 AM UTC+4 Bill Scully wrote: > >> Hi, >> >> Does anyone know if the "The expiration policy of ticket granting tickets >> can be conditionally decided on a per-application basis" in 5.2.x? >> >> I see that is available in 6.3.x: >> >> >> https://apereo.github.io/cas/6.3.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service >> >> and I am specifically interested in increasing the ticket expiration for >> a given service, not the default: >> >> "org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy", >> >> "maxTimeToLiveInSeconds": 5 >> >> If not, is there a potential workaround where I could extend the life of >> a ticket to 8 hours for a registered service? >> >> Thanks for your time! >> >> Bill >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/621e4a85-0572-43a6-950f-dd0607edf130n%40apereo.org.