Our CAS servers (3.4.12) are using the default Service Ticket timeout of 10 seconds. We have 3 servers in 2 data centers clustered with a Hazelcast ticket registry.
Lately we have been seeing ST Validations failing because the ticket is expired. We are thinking of changing the timeout to either 15 or 20 seconds. Any thoughts on this? I know about the security implication but don’t believe that this creates a significantly increased risk.

Secondly, with the Java client, what is the expected behavior when the validation filter gets a failed validation response from the CAS server? Should the user be redirected back to the CAS login page by the CAS client? Or does the application need to catch the failure and decide whether or not to redirect to the login page or just generate an error page? Right now the belief is that this causes our CASified application to return a 500 error to the user’s browser. Note: The application that is CASified is a PeopleSoft Portal running on WebLogic…. I tried looking at the validation code, but got a little lost….

Oh, since I am here, one more question. Going through our CAS proxy (NetScaler) we are seeing the same Service Ticket being passed to CAS multiple times. For the life of me I can’t figure out why a client would do that or what scenario / configuration would cause this. Any insights on this?

Thanks,
Bryan
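
An added example, not part of the original post: one way to check both symptoms from logs before changing the timeout, by measuring how long each service ticket waits before its first validation and flagging tickets presented more than once. The one-line event format, the event names and the sample lines are constructed for illustration; CAS's own audit log is laid out differently and needs its own parser.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in an assumed format: "<timestamp> <event> <ticket id>".
# When merging logs from several cluster nodes, their clocks must be in sync.
SAMPLE = """\
2014-03-04T10:15:00.000 CREATED ST-1-aaa
2014-03-04T10:15:01.200 VALIDATE ST-1-aaa
2014-03-04T10:15:05.000 CREATED ST-2-bbb
2014-03-04T10:15:17.500 VALIDATE ST-2-bbb
2014-03-04T10:15:20.000 CREATED ST-3-ccc
2014-03-04T10:15:20.800 VALIDATE ST-3-ccc
2014-03-04T10:15:21.100 VALIDATE ST-3-ccc
"""

def parse(text):
    """Yield (timestamp, event, ticket) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, ticket = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f"), event, ticket

def analyze(text, timeout_s=10.0):
    """Per ticket: delay to first validation, attempt count, late/replayed flags."""
    created, attempts = {}, defaultdict(list)
    for ts, event, ticket in parse(text):
        if event == "CREATED":
            created[ticket] = ts
        elif event == "VALIDATE":
            attempts[ticket].append(ts)
    report = {}
    for ticket, times in attempts.items():
        times.sort()
        issued = created.get(ticket)  # None if the grant was not logged
        delay = (times[0] - issued).total_seconds() if issued else None
        report[ticket] = {
            "first_delay_s": delay,
            "attempts": len(times),
            "late": delay is not None and delay > timeout_s,
            "replayed": len(times) > 1,
        }
    return report

def longest_first_delay(report):
    """Largest observed grant-to-validation delay, in seconds."""
    delays = [r["first_delay_s"] for r in report.values() if r["first_delay_s"] is not None]
    return max(delays) if delays else None
```

Run over a representative window, the longest first-validation delay shows whether 15 or 20 seconds would cover the observed cases, and the `replayed` flag separates repeated submissions of one ticket from slow validations.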