Hello, When I test with the old version of cas 5.3.X (same saml client) --> there is no issue even after 1hour2 or 3 hours.
When I test with the new version 6.6.X (same SAML client) --> first response OK , second OK, after 2 hours : problem with the SAML response : Authentication statement is too old error The same configuration of TGT (10H) and st timeouts is applicable for the two versions : - cas.ticket.tgt.timeout.max-time-to-live-in-seconds=36000 - cas.ticket.st.time-to-kill-in-seconds=120 The problem is with the SAML response which is different in the two versions. In version 6.6.X the saml:AuthnStatement/AuthnInstance is not updated. In the version 5.3.X the date is updated even if it is with the same TGT, so the client does not display error messages. Do you know which parameter in cas 6.6.X that update the *AuthnInstance* when used with the same TGT but not the same ST? Thank you. Best Regards, Le jeudi 23 novembre 2023 à 06:38:55 UTC+1, Mohamed Amdouni a écrit : > Hello, > > I’m testing a saml client after cas migration from 5.3 to 6.6. > > The saml authentication is processed successfully ( using spnego & > Kerberos): no login details are entered, the spnego token is sent and > validated .After a long idle period, if I refresh the page I got an error > on the wall client saying that « Authentication statement is too long » > which is not the cas in the old version 5. > No error are generated in the cas server. > > I would like to know if there are some default values that are not used > any more in the new version of cas that could be related to this issue. > > > I also detected that the time zone is no more sent in the assertions. > > It seems that the locale are no more detected automatically ? No value are > specified in the old version but the time zone is returned in the > assertions. > > In debug mode some locale error are detected about messages but the > langage is correct when cas displays some screens ( I don’t have any custom > translation) > > Thank you. > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e397d12-82af-4505-8977-3b89121dcafbn%40apereo.org.
