Niral, I still kinda thing the same as before, i.e. that the TGC cookie is simply rejected by your browser. Because when you do the refresh of the login page (e.g. pressing F5 instead of hitting Enter in the address line) , you're re-sending the login credentials and that's why you see "you are still logged in". But the browser should clearly tell you that you are re-sending the data, so I'm not 100% sure from your description whether you really experience this, or not.
Some further resources which could probably help you find the issue with your TGC cookie _directly from your browser_ (both Firefox's and Chrome's consoles are pretty similar nowadays - press F12 in your browser and see for yourself): * how to debug cookie rejection by the browser <https://stackoverflow.com/questions/45769602/how-to-debug-cookie-rejection-by-the-browser> * https://firefox-source-docs.mozilla.org/devtools-user/storage_inspector/index.html * https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies Also, it could help if you write how exactly you access your new CAS instance and how you've got it deployed - do you access it directly (e.g. https://localhost:8433/cas), or is it hidden behind a proxy, for example? On Wednesday, 5 July 2023 at 20:07:58 UTC+2 nkun...@jbsinternational.com wrote: > Ray, > > > > I am upgraded CAS to 6.6.9 from 6.5.8, I am able to login to cas with > authentication and on refresh somehow TGC is expiring and asking for login > credentials again. > > > > Is there any setting I have to add in cas.properties? > > > > I did these steps: > > 1. Copy cas.war to test environment. Restarted tomcat services. > 2. Open URL in browser cas/login > 3. Able to login and getting profile info. > 4. On refresh still able to see profile page. > 5. Then I logout cas/logout > 6. Again open login screen and entered credentials. Able to login and > on refresh it is displaying profile. > > > > If don’t do cas/logout, somehow tgc ticket is expiring. > > > > But after few second somehow TGC is expiring. How can I add expiration > time in 6.6.9. I don’t have any setting related to tgc in my 6.5.8 version. > > > > > > > > *From:* cas-...@apereo.org <cas-...@apereo.org> *On Behalf Of *Ray Bon > > *Sent:* Thursday, June 22, 2023 10:20 AM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > Is the page you are refreshing the cas default login page or is it a page > in your client application? > > > > Can you post the URL when you land on the cas login page after a refresh? > > > > Ray > > > > On Wed, 2023-06-21 at 19:34 +0000, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > Thank you so much Ray for quick reply. > > > > I am able to fix custom theme issue and page loading with all css properly > and I am able to login to CAS and able to see my credentials with other > profile info. But when I refresh page it is automatically log me out. Any > suggestions or idea? > > > > > > *From:* cas-...@apereo.org <cas-...@apereo.org> *On Behalf Of*Ray Bon > *Sent:* Wednesday, June 21, 2023 10:27 AM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > Here is a handy blog, https://fawnoos.com/2022/07/22/cas66-ui-themes/ > > > > Ray > > > > On Fri, 2023-06-16 at 12:08 +0000, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > Hello Ray, > > > > As I am upgrading from 6.5.9 to 6.6.8 As we are using custom login page > UI. I have to do few changes in src folder. I have below code in > src/main/resources/templates/layouts.html. > > > > > > <link rel="stylesheet" type="text/css" > th:href="@{#{webjars.fontawesomemin.css}}"/> > > > > I would like to add webjars dependency in build.gradle. I did not find any > sample for this. Please help! As webjars not finding this it is displaying > blank page instead of custom login page. > > > > Thank you > > Niral > > > > > > > > > > > > > > *From:* cas-...@apereo.org <cas-...@apereo.org>*On Behalf Of*Ray Bon > *Sent:* Tuesday, June 6, 2023 12:32 PM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > That version is VERY old. I suggest you use or upgrade to the latest > version. See > https://apereo.github.io/cas/developer/Maintenance-Policy.html > > > > It is possible that the properties you have do not work with that old > version. > > > > You should be using the overlay instead of the main cas project > https://github.com/apereo/cas-overlay-template > > The main cas project is for developers. > > > > See https://fawnoos.com/2022/08/06/cas66-gettingstarted-overlay/ > > > > Your application should not be calling to cas on a page refresh (unless it > has a proxy dependency - which I will assume it does not). Once logged in, > your application should set its own session lifetime - independent of cas. > Cas is not an application session manager; it is an SSO manager. The > timeouts you have been asking about are SSO session timeouts. > > > > Ray > > > > On Mon, 2023-06-05 at 18:25 +0000, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > Ray, > > > > When you say 'on that page for a few mins', what page are you talking > about? – webpage of our app which is integrated with CAS login. > > > > If I login from this page or refresh this page, it is creating new ticket > and I can see that on logs. > > > > I am using this repo: GitHub - apereo/cas at 5.3.x > <https://github.com/apereo/cas/tree/5.3.x> > > > > Thank you, > > Niral > > > > *From:* cas-...@apereo.org <cas-...@apereo.org>*On Behalf Of*Ray Bon > *Sent:* Monday, June 5, 2023 12:51 PM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > Ticket expiration is built in, nothing to include. > > > > When you say 'on that page for a few mins', what page are you talking > about? > > > > Ray > > > > On Mon, 2023-06-05 at 13:21 +0000, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > Ray, > > > > You are correct, I am doing these steps > > Post your cas.ticket.tgt.* config and the steps that you are performing. > > > > I just tested with 6.5.9 and can confirm that these settings work: > > cas.ticket.tgt.primary.max-time-to-live-in-seconds=301 > > cas.ticket.tgt.primary.time-to-kill-in-seconds=120 > > > > Are there any dependencies I have to add or extra properties. Or Do I need > to enable any other ticketing properties in configs? > > > > One more question: > > cas.ticket.tgt.primary.time-to-kill-in-seconds=120, for this even server > is active/issuing new tickets, does session expire after 120 sec? > > I don’t want it to expire if I am on that page for few mins, it is just > keep expiring session even there is activity. Can you please send me link > for repo you are using? > > > > Thank you, > > Niral > > > > > > > > *From:* cas-...@apereo.org <cas-...@apereo.org>*On Behalf Of*Ray Bon > *Sent:* Friday, June 2, 2023 4:35 PM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > Perhaps I am misunderstanding what it is that you are doing. > > Post your cas.ticket.tgt.* config and the steps that you are performing. > > > > I just tested with 6.5.9 and can confirm that these settings work: > > cas.ticket.tgt.primary.max-time-to-live-in-seconds=301 > > cas.ticket.tgt.primary.time-to-kill-in-seconds=120 > > > > Ray > > > > On Fri, 2023-06-02 at 17:30 +0000, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > Thank you Ray, > > > > I notice even I issue new ticket and keep server busy/active, it is still > killing session instead of expanding session. I am using CAS 6.5.9 > > What is best scenario to test this or some logs or setting I need to add. > > > > Thank you, > > Niral > > > > *From:* cas-...@apereo.org <cas-...@apereo.org>*On Behalf Of*Ray Bon > *Sent:* Wednesday, May 31, 2023 12:31 PM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > A refresh of the cas page may not be enough. You may have to get cas to > issue a new ST [to a different application]. The service does not have to > be real, just added to the service registry. > > Use this type of url to get cas to go through the login process and issue > a ST. > > https://cas.host/cas/login?service=https://madeup.service > <https://dev.uvic.ca/cas/login?service=https%3A%2F%2Fdemocasclientdev.uvic.ca%2Fdemocasclient%2Fcallback%3Fclient_name%3DCasClient> > > > > Ray > > > > On Wed, 2023-05-31 at 13:39 +0000, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > > > Hello Ray, > > > > Thank you for reply. This is very useful. > > > > cas.ticket.tgt.primary.max-time-to-live-in-seconds=240 > > cas.ticket.tgt.primary.time-to-kill-in-seconds=180 > > > > These are the setting and for testing I am following these steps. > > > > I am login with cas credentials to web page, after login refresh page > every 10second or so for about three mins, I am getting authenticate > message and I am logged in in web page. That means cas server is not idle > and in cas logs I can see ‘Authentication event occurred ’ .So even after > server is not idle and with activity , page is getting logout screen after > three mins as we set cas.ticket.tgt.primary.time-to-kill-in-second=180. > > > > These settings work as expected if server is idle, but not with if server > is not idle. > > > > Not able to find why this is happening. > > > > Thank you, > > Niral > > > > > > > > *From:* cas-...@apereo.org <cas-...@apereo.org>*On Behalf Of*Ray Bon > *Sent:* Tuesday, May 30, 2023 2:09 PM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS session management - Ticket Expiration > Policies - CAS 6.5 > > > > *WARNING:* THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL > SYSTEM. DO NOT CLICK links / attachments unless you know that the content > is safe! For suspicious emails, report using the Phish Alert Report button > on the upper left of your email. For marketing/SPAM emails, delete. > > > > Niral, > > > > TGT is for life of cas login session, not application session. I am not > sure if cas can send logouts to services when TGT expires - that would > create strange issues in the client applications. > > > > These settings will allow cas session length to increase beyond 30m only > if user logs in to other services or visits cas to refresh a service, etc. > (The values are in seconds. I seem to recall that the minimum value is 2m.) > > > > > cas.ticket.tgt.primary.max-time-to-live-in-seconds=some-value-greater-than-1800 > > cas.ticket.tgt.primary.time-to-kill-in-seconds=1800 > > > > For viewing the reports, some additional info can be found, > https://apereo.github.io/cas/6.5.x/monitoring/Monitoring-Statistics.html > > > > Ray > > > > On Tue, 2023-05-30 at 08:30 -0700, 'Niral Kunadia' via CAS Community wrote: > > *Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information.* > > > > Hello, > > > > I would like to set, if server is idle/no activity for 30 mins, users > should automatically logoutand session should expire. > > > > If there is activity user stay login without logout. > > > > I tried to set these two properties in .properties file but it still > logout user even if there is activity. > > > > management.endpoint.ticketExpirationPolicies.enabled=true > management.endpoints.web.exposure.include=ticketExpirationPolicies > > cas.ticket.tgt.primary.max-time-to-live-in-seconds=120 > cas.ticket.tgt.primary.time-to-kill-in-seconds=30 > > > > I also added decency - > implementation"org.apereo.cas:cas-server-support-reports:${project.'cas.version'}" > from CAS - Configuring Ticket Expiration Policy Components > (apereo.github.io) > <https://apereo.github.io/cas/6.5.x/ticketing/Configuring-Ticket-Expiration-Policy.html> > > > > Please any advice. > > > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d203a9e36c1fffe0e04632a6b74b3e9a98563d.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/e277ae05ca27972c7ce1e418db33325a81338311.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e277ae05ca27972c7ce1e418db33325a81338311.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/393206864cf874d7758a2abc5b68ae89151345a9.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/393206864cf874d7758a2abc5b68ae89151345a9.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/M-hrAO4jo3w/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > cas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/52ae00b8afd0b859887659f70094d323109a5710.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/52ae00b8afd0b859887659f70094d323109a5710.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/20ca731a0cea05c993d5d002b8fb4ad4ab196448.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/20ca731a0cea05c993d5d002b8fb4ad4ab196448.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ba33e3f3c3c3a1fce173922592919095bfc4136.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ba33e3f3c3c3a1fce173922592919095bfc4136.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7580b10a-db16-4874-9585-9abb0b194203n%40apereo.org.
