Niral, Ticket expiration is built in, nothing to include.
When you say 'on that page for a few mins', what page are you talking about? Ray On Mon, 2023-06-05 at 13:21 +0000, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Ray, You are correct, I am doing these steps Post your cas.ticket.tgt.* config and the steps that you are performing. I just tested with 6.5.9 and can confirm that these settings work: cas.ticket.tgt.primary.max-time-to-live-in-seconds=301 cas.ticket.tgt.primary.time-to-kill-in-seconds=120 Are there any dependencies I have to add or extra properties. Or Do I need to enable any other ticketing properties in configs? One more question: cas.ticket.tgt.primary.time-to-kill-in-seconds=120, for this even server is active/issuing new tickets, does session expire after 120 sec? I don’t want it to expire if I am on that page for few mins, it is just keep expiring session even there is activity. Can you please send me link for repo you are using? Thank you, Niral From: cas-user@apereo.org <cas-user@apereo.org> On Behalf OfRay Bon Sent: Friday, June 2, 2023 4:35 PM To: cas-user@apereo.org Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5 WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM. DO NOT CLICK links / attachments unless you know that the content is safe! For suspicious emails, report using the Phish Alert Report button on the upper left of your email. For marketing/SPAM emails, delete. Niral, Perhaps I am misunderstanding what it is that you are doing. Post your cas.ticket.tgt.* config and the steps that you are performing. I just tested with 6.5.9 and can confirm that these settings work: cas.ticket.tgt.primary.max-time-to-live-in-seconds=301 cas.ticket.tgt.primary.time-to-kill-in-seconds=120 Ray On Fri, 2023-06-02 at 17:30 +0000, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Thank you Ray, I notice even I issue new ticket and keep server busy/active, it is still killing session instead of expanding session. I am using CAS 6.5.9 What is best scenario to test this or some logs or setting I need to add. Thank you, Niral From: cas-user@apereo.org<mailto:cas-user@apereo.org> <cas-user@apereo.org<mailto:cas-user@apereo.org>>On Behalf OfRay Bon Sent: Wednesday, May 31, 2023 12:31 PM To: cas-user@apereo.org<mailto:cas-user@apereo.org> Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5 WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM. DO NOT CLICK links / attachments unless you know that the content is safe! For suspicious emails, report using the Phish Alert Report button on the upper left of your email. For marketing/SPAM emails, delete. Niral, A refresh of the cas page may not be enough. You may have to get cas to issue a new ST [to a different application]. The service does not have to be real, just added to the service registry. Use this type of url to get cas to go through the login process and issue a ST. https://cas.host/cas/login?service=https://madeup.service<https://dev.uvic.ca/cas/login?service=https%3A%2F%2Fdemocasclientdev.uvic.ca%2Fdemocasclient%2Fcallback%3Fclient_name%3DCasClient> Ray On Wed, 2023-05-31 at 13:39 +0000, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello Ray, Thank you for reply. This is very useful. cas.ticket.tgt.primary.max-time-to-live-in-seconds=240 cas.ticket.tgt.primary.time-to-kill-in-seconds=180 These are the setting and for testing I am following these steps. I am login with cas credentials to web page, after login refresh page every 10second or so for about three mins, I am getting authenticate message and I am logged in in web page. That means cas server is not idle and in cas logs I can see ‘Authentication event occurred ’ .So even after server is not idle and with activity , page is getting logout screen after three mins as we set cas.ticket.tgt.primary.time-to-kill-in-second=180. These settings work as expected if server is idle, but not with if server is not idle. Not able to find why this is happening. Thank you, Niral From: cas-user@apereo.org<mailto:cas-user@apereo.org> <cas-user@apereo.org<mailto:cas-user@apereo.org>>On Behalf OfRay Bon Sent: Tuesday, May 30, 2023 2:09 PM To: cas-user@apereo.org<mailto:cas-user@apereo.org> Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5 WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM. DO NOT CLICK links / attachments unless you know that the content is safe! For suspicious emails, report using the Phish Alert Report button on the upper left of your email. For marketing/SPAM emails, delete. Niral, TGT is for life of cas login session, not application session. I am not sure if cas can send logouts to services when TGT expires - that would create strange issues in the client applications. These settings will allow cas session length to increase beyond 30m only if user logs in to other services or visits cas to refresh a service, etc. (The values are in seconds. I seem to recall that the minimum value is 2m.) cas.ticket.tgt.primary.max-time-to-live-in-seconds=some-value-greater-than-1800 cas.ticket.tgt.primary.time-to-kill-in-seconds=1800 For viewing the reports, some additional info can be found, https://apereo.github.io/cas/6.5.x/monitoring/Monitoring-Statistics.html Ray On Tue, 2023-05-30 at 08:30 -0700, 'Niral Kunadia' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, I would like to set, if server is idle/no activity for 30 mins, users should automatically logoutand session should expire. If there is activity user stay login without logout. I tried to set these two properties in .properties file but it still logout user even if there is activity. management.endpoint.ticketExpirationPolicies.enabled=true management.endpoints.web.exposure.include=ticketExpirationPolicies cas.ticket.tgt.primary.max-time-to-live-in-seconds=120 cas.ticket.tgt.primary.time-to-kill-in-seconds=30 I also added decency - implementation"org.apereo.cas:cas-server-support-reports:${project.'cas.version'}" from CAS - Configuring Ticket Expiration Policy Components (apereo.github.io)<https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html> Please any advice. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email tocas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email tocas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email tocas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e277ae05ca27972c7ce1e418db33325a81338311.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/e277ae05ca27972c7ce1e418db33325a81338311.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/393206864cf874d7758a2abc5b68ae89151345a9.camel%40uvic.ca.
