Versions Compared

Old Version 1

changes.mady.by.user Marvin Addison

Saved on

compared with

New Version Current

changes.mady.by.user Misagh Moayyed

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning
titleNew CAS documentation site

CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

Excerpt

CAS supports a pluggable and extensible policy framework to control the expiration policy of ticket-granting tickets (TGT) and service tickets (ST).

Both TGT and ST expiration policy beans are defined in the /cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml file in the CAS distribution.

...

The default expiration policy applied to TGTs provides for most-recently-used expiration policy, similar to a Web server session timeout. For example, a 32-hour time span with this policy in effect would require a TGT to be used every 3 2 hours or less, otherwise it would be marked as expired.

...

Usage Example

Code Block
xml
xml

<!-- TGT expires after 2 hours in inactivity -->
<bean id="grantingTicketExpirationPolicy"
  class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
  <constructor-arg
    index="0"
    value="7200000" />
</bean>

...

Usage Example

Code Block
xml
xml

<!-- TGT expires 4 hours after creation -->
<bean id="grantingTicketExpirationPolicy"
  class="org.jasig.cas.ticket.support.HardTimeoutExpirationPolicy">
  <constructor-arg
    index="0"
    value="14400000" />
</bean>

...

The throttled timeout policy extends the #TimeoutExpirationPolicy TimeoutExpirationPolicy with the concept of throttling where a ticket may be used at most every N seconds. This policy was designed to thwart denial of service conditions where a rogue or misconfigured client attempts to consume CAS server resources by requesting high volumes of service tickets in a short time.

...

Usage Example

Code Block
xml
xml

<!--
TGT expires under one of two conditions:
 * More than 3 hours of inactivity
 * Used consecutively where less than 5 seconds has elapsed from the first use
-->
<bean id="grantingTicketExpirationPolicy"
  class="org.jasig.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy"
  p:timeToKillInMilliSeconds="10800000"
  p:timeInBetweenUsesInMilliSeconds="5000"
/>

...

Usage Example

Code Block
xml
xml

<!-- TGT never expires -->
<bean id="grantingTicketExpirationPolicy"
  class="org.jasig.cas.ticket.support.NeverExpiresExpirationPolicy" />

...

Usage Example

Code Block
xml
xml

<!-- ST may be used exactly once and must be validated within 5 minutes. -->
<bean id="serviceTicketExpirationPolicy"
  class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
  <constructor-arg
    index="0"
    value="1" />
  <constructor-arg
    index="1"
    value="300000" />
</bean>