Niral, You will see in the logs that cas will issue a different TGT for each login; this means two different session == two different users (even if same username:password). In the same browser, open a new tab and access / log in to a different service.
You can create fake services in your service registry, they do not have validate the ST, cas just has to issue the ST. Then access cas with a URL like: https://cas.host/cas/login?service=https://madeup.service See https://apereo.github.io/cas/6.6.x/services/JSON-Service-Management.html Ray On Wed, 2023-05-31 at 17:07 +0000, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Ray, A you said you may have to get cas to issue a new ST[to a different application]. How can I add this for testing? I tested with two different browsers. Like login in chrome and did not touch it. I also login on edge and refreshing page every few mins, and I can see new service ticket open message in logs means server is active. I still got logged out from chrome after 3 mins as I set cas.ticket.tgt.primary.time-to-kill-in-seconds=180. Thank you for your help! From: cas-user@apereo.org <cas-user@apereo.org> On Behalf OfRay Bon Sent: Wednesday, May 31, 2023 12:31 PM To: cas-user@apereo.org Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5 WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM. DO NOT CLICK links / attachments unless you know that the content is safe! For suspicious emails, report using the Phish Alert Report button on the upper left of your email. For marketing/SPAM emails, delete. Niral, A refresh of the cas page may not be enough. You may have to get cas to issue a new ST [to a different application]. The service does not have to be real, just added to the service registry. Use this type of url to get cas to go through the login process and issue a ST. https://cas.host/cas/login?service=https://madeup.service<https://dev.uvic.ca/cas/login?service=https%3A%2F%2Fdemocasclientdev.uvic.ca%2Fdemocasclient%2Fcallback%3Fclient_name%3DCasClient> Ray On Wed, 2023-05-31 at 13:39 +0000, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello Ray, Thank you for reply. This is very useful. cas.ticket.tgt.primary.max-time-to-live-in-seconds=240 cas.ticket.tgt.primary.time-to-kill-in-seconds=180 These are the setting and for testing I am following these steps. I am login with cas credentials to web page, after login refresh page every 10second or so for about three mins, I am getting authenticate message and I am logged in in web page. That means cas server is not idle and in cas logs I can see ‘Authentication event occurred ’ .So even after server is not idle and with activity , page is getting logout screen after three mins as we set cas.ticket.tgt.primary.time-to-kill-in-second=180. These settings work as expected if server is idle, but not with if server is not idle. Not able to find why this is happening. Thank you, Niral From: cas-user@apereo.org<mailto:cas-user@apereo.org> <cas-user@apereo.org<mailto:cas-user@apereo.org>>On Behalf OfRay Bon Sent: Tuesday, May 30, 2023 2:09 PM To: cas-user@apereo.org<mailto:cas-user@apereo.org> Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5 WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM. DO NOT CLICK links / attachments unless you know that the content is safe! For suspicious emails, report using the Phish Alert Report button on the upper left of your email. For marketing/SPAM emails, delete. Niral, TGT is for life of cas login session, not application session. I am not sure if cas can send logouts to services when TGT expires - that would create strange issues in the client applications. These settings will allow cas session length to increase beyond 30m only if user logs in to other services or visits cas to refresh a service, etc. (The values are in seconds. I seem to recall that the minimum value is 2m.) cas.ticket.tgt.primary.max-time-to-live-in-seconds=some-value-greater-than-1800 cas.ticket.tgt.primary.time-to-kill-in-seconds=1800 For viewing the reports, some additional info can be found, https://apereo.github.io/cas/6.5.x/monitoring/Monitoring-Statistics.html Ray On Tue, 2023-05-30 at 08:30 -0700, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, I would like to set, if server is idle/no activity for 30 mins, users should automatically logoutand session should expire. If there is activity user stay login without logout. I tried to set these two properties in .properties file but it still logout user even if there is activity. management.endpoint.ticketExpirationPolicies.enabled=true management.endpoints.web.exposure.include=ticketExpirationPolicies cas.ticket.tgt.primary.max-time-to-live-in-seconds=120 cas.ticket.tgt.primary.time-to-kill-in-seconds=30 I also added decency - implementation"org.apereo.cas:cas-server-support-reports:${project.'cas.version'}" from CAS - Configuring Ticket Expiration Policy Components (apereo.github.io)<https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html> Please any advice. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email tocas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email tocas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7272099234b2ae7f4567f834177f905ac1416299.camel%40uvic.ca.
