This is a question regarding local app timeout and CAS Server timeout. I have 2 client apps: app1 and app2 Both are secured by CAS (v3.4.10) (using spring security CAS)
The client apps have local session timeout of 1 min. The CAS server's ticket timeout (grantingTicketExpirationPolicy) is set to 2 minutes. Here's the scenario: 1. I logged in to app1 via CAS 2. I access app2 and was granted access (single sign on works as expected) 3. I remain active in app1 (never allowing for a local timeout) while not accessing app2 at all for more than 2 minutes. 4. I access app2 and is prompted by a login. This is undesirable for my requirements. The desired setup would be user would not be prompted to login to either app1 or app2 as long as they have been active on either app1 or app2 for the last 2 minutes. Does anyone know of a setup that can help me achieve my requirements? Thank you. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
