|

»

»

Timeout problems

View: New views

6 Messages — Rating Filter: Alert me

	Timeout problems by tedzo :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. I am really confused about session timeouts. I see the following 4 variables that are configurable- 1. In ApplicationContext.xml, the second argument for "serviceTicketExpirationPolicy" Bean 2. In the same file, the first (and only) argument for "grantingTicketExpirationPolicy" Bean 3. In web.xml for CAS webapp, the "session-timeout" entry 4. In tomcat's web.xml (under /conf), the "<session-config> <session-timeout>...." entry I assumed just setting #3 above would control the timeout. That doesn't seem like it. So, I have been trying combinations and the one that worked is setting #2 AND #4 to the same value. Is that right or am I missing something here? I am using 3.06 server. Also, by session timeout, I mean- I login and keep working. I walk away for 30 minutes (say) after I make my last request, I come back and try to access some CAS protected page. I should be asked to login again. Your thoughts are appreciated. Thanks. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas
	Re: Timeout problems by scott_battaglia :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message If you want to control the Single Sign On Session you need to modify the granting ticket expiration policy. The Tomcat sessions have nothing to do with your SSO session. -Scott On Thu, May 8, 2008 at 9:47 PM, tedzo <tedzo2003@...> wrote: I am really confused about session timeouts. I see the following 4 variables that are configurable- 1. In ApplicationContext.xml, the second argument for "serviceTicketExpirationPolicy" Bean 2. In the same file, the first (and only) argument for "grantingTicketExpirationPolicy" Bean 3. In web.xml for CAS webapp, the "session-timeout" entry 4. In tomcat's web.xml (under /conf), the "<session-config> <session-timeout>...." entry I assumed just setting #3 above would control the timeout. That doesn't seem like it. So, I have been trying combinations and the one that worked is setting #2 AND #4 to the same value. Is that right or am I missing something here? I am using 3.06 server. Also, by session timeout, I mean- I login and keep working. I walk away for 30 minutes (say) after I make my last request, I come back and try to access some CAS protected page. I should be asked to login again. Your thoughts are appreciated. Thanks. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas
	Re: Timeout problems by tedzo :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Scott, Thanks for the clarification. So, that would mean variable #2 in my list below. Let me try that. Maybe I missed it while trying out the many combinations. So, what do #1 and #3 control? Thanks. ----- Original Message ---- From: Scott Battaglia <scott.battaglia@...> To: Yale CAS mailing list <cas@...> Sent: Thursday, May 8, 2008 6:58:52 PM Subject: Re: Timeout problems If you want to control the Single Sign On Session you need to modify the granting ticket expiration policy. The Tomcat sessions have nothing to do with your SSO session. -Scott On Thu, May 8, 2008 at 9:47 PM, tedzo <tedzo2003@...> wrote: I am really confused about session timeouts. I see the following 4 variables that are configurable- 1. In ApplicationContext.xml, the second argument for "serviceTicketExpirationPolicy" Bean 2. In the same file, the first (and only) argument for "grantingTicketExpirationPolicy" Bean 3. In web.xml for CAS webapp, the "session-timeout" entry 4. In tomcat's web.xml (under /conf), the "<session-config> <session-timeout>...." entry I assumed just setting #3 above would control the timeout. That doesn't seem like it. So, I have been trying combinations and the one that worked is setting #2 AND #4 to the same value. Is that right or am I missing something here? I am using 3.06 server. Also, by session timeout, I mean- I login and keep working. I walk away for 30 minutes (say) after I make my last request, I come back and try to access some CAS protected page. I should be asked to login again. Your thoughts are appreciated. Thanks. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas
	Re: Timeout problems by scott_battaglia :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message The Service Expiration Policy is the expiration policy for the one-time use tickets given to applications. They have a timeout or a valid number of uses (1). The Tomcat Session is literally for the Tomcat session of the CAS server that gets created when you go through the login flow to enter your credentials (which is why its so short). -Scott On Fri, May 9, 2008 at 2:11 AM, tedzo <tedzo2003@...> wrote: Scott, Thanks for the clarification. So, that would mean variable #2 in my list below. Let me try that. Maybe I missed it while trying out the many combinations. So, what do #1 and #3 control? Thanks. ----- Original Message ---- From: Scott Battaglia <scott.battaglia@...> To: Yale CAS mailing list <cas@...> Sent: Thursday, May 8, 2008 6:58:52 PM Subject: Re: Timeout problems If you want to control the Single Sign On Session you need to modify the granting ticket expiration policy. The Tomcat sessions have nothing to do with your SSO session. -Scott On Thu, May 8, 2008 at 9:47 PM, tedzo <tedzo2003@...> wrote: I am really confused about session timeouts. I see the following 4 variables that are configurable- 1. In ApplicationContext.xml, the second argument for "serviceTicketExpirationPolicy" Bean 2. In the same file, the first (and only) argument for "grantingTicketExpirationPolicy" Bean 3. In web.xml for CAS webapp, the "session-timeout" entry 4. In tomcat's web.xml (under /conf), the "<session-config> <session-timeout>...." entry I assumed just setting #3 above would control the timeout. That doesn't seem like it. So, I have been trying combinations and the one that worked is setting #2 AND #4 to the same value. Is that right or am I missing something here? I am using 3.06 server. Also, by session timeout, I mean- I login and keep working. I walk away for 30 minutes (say) after I make my last request, I come back and try to access some CAS protected page. I should be asked to login again. Your thoughts are appreciated. Thanks. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas
	IE Redirection by Richard Gundersen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Hi In IE I occasionally have a problem where, after authentication, CAS sends me to this page on the way to my target url, but gets stuck https://mycomputer/cas/login;jsessionid=E82341277465AC847382868D2AA9232E?service=http%3A%2F%2Fmycomputer%3A8080%2FMQS4%2Fj_spring_cas_security_check%3Bjsessionid%3DFEA56CDDC62D0A696EBDC58494DB4B18 If I add the port 443 to the URL to help it along, the redirection works and I end up back at my app, fully authenticated. IE should recognise 443 as the default SSL port, and indeed Firefox works perfectly. Doubt this is a CAS issue at all, but have googled it to death and not come up with any solution so thought I would see if anyone else has seen it before? PS sometimes it works fine but not sure what I do to fix it (e.g. clearing Tomcat's work directory, cleaning the Eclipse project etc etc) Regards Richard Miss your Messenger buddies when on-the-go? Get Messenger on your Mobile! _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas
	Re: Timeout problems by tedzo :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Ah, thanks for the explanation. I should change the session-timeout in CAS /web.xml file back to 5 minutes (I have that at 60 minutes now). Thanks for your time. Appreciate the help. ----- Original Message ---- From: Scott Battaglia <scott.battaglia@...> To: Yale CAS mailing list <cas@...> Sent: Friday, May 9, 2008 6:55:24 AM Subject: Re: Timeout problems The Service Expiration Policy is the expiration policy for the one-time use tickets given to applications. They have a timeout or a valid number of uses (1). The Tomcat Session is literally for the Tomcat session of the CAS server that gets created when you go through the login flow to enter your credentials (which is why its so short). -Scott On Fri, May 9, 2008 at 2:11 AM, tedzo <tedzo2003@...> wrote: Scott, Thanks for the clarification. So, that would mean variable #2 in my list below. Let me try that. Maybe I missed it while trying out the many combinations. So, what do #1 and #3 control? Thanks. ----- Original Message ---- From: Scott Battaglia <scott.battaglia@...> To: Yale CAS mailing list <cas@...> Sent: Thursday, May 8, 2008 6:58:52 PM Subject: Re: Timeout problems If you want to control the Single Sign On Session you need to modify the granting ticket expiration policy. The Tomcat sessions have nothing to do with your SSO session. -Scott On Thu, May 8, 2008 at 9:47 PM, tedzo <tedzo2003@...> wrote: I am really confused about session timeouts. I see the following 4 variables that are configurable- 1. In ApplicationContext.xml, the second argument for "serviceTicketExpirationPolicy" Bean 2. In the same file, the first (and only) argument for "grantingTicketExpirationPolicy" Bean 3. In web.xml for CAS webapp, the "session-timeout" entry 4. In tomcat's web.xml (under /conf), the "<session-config> <session-timeout>...." entry I assumed just setting #3 above would control the timeout. That doesn't seem like it. So, I have been trying combinations and the one that worked is setting #2 AND #4 to the same value. Is that right or am I missing something here? I am using 3.06 server. Also, by session timeout, I mean- I login and keep working. I walk away for 30 minutes (say) after I make my last request, I come back and try to access some CAS protected page. I should be asked to login again. Your thoughts are appreciated. Thanks. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. _______________________________________________ Yale CAS mailing list cas@... http://tp.its.yale.edu/mailman/listinfo/cas