Time to live) even if no STs have been requested. Server that the TGT should remain valid (at least as long as the max Into the CAS client directly.so that as long as there is an activeĪpplication session, the CAS client could periodically inform the CAS It is also interesting to think of TGT-keep-alive functionality baked TGT timeout rather than being independent. So a proposal might be to have the PGT timeout be directly tied to the TGT session, but hasn't exercised the PGT frequently enough (causing The case where the user is logged in to the app and still has valid Well, and not have an independent time-out.
TGT is still valid, then perhaps the PGT should still be valid as Seems to me that CAS3 goes too far in modeling PGT as TGT in that itĬauses the PGT to be somewhat disconnected from the use case. PGT-keep-alive: same as #1, except the app has to make theīack-channel calls to the URL for new PTs to keep the PGT alive. Implementing a TGT-keep-alive (for as long as the TGT can live, CAS3.5ĭefault config implements a max time to live, as well as the idleĢ. User-agent to view this URL (perhaps via a hidden frame), thus Then have the application periodically force the browser TGT-keep-alive: implemented a URL that keeps no state, but requiresĪ ST. To last as long as the application session lasts (both steps areġ. Here's a potential work-around for an application that needs the PGT We are just starting to really think through the possibilties in earnest, so I'll post back with further thoughts if we have any… It is possible that if the PGT times out, we would just try to kick the user back to CAS to get a new ST, but this could lose the application state, so if we can do better with a proper setting of policies, it would be better.
#Tgt i need wiki how to#
I'm actually in the middle some internal discussions on how to properly set the timeouts policies in this situation. There are actually 3 different timeouts involved here: TGT, PGT and application session (out of the control of CAS).
![tgt i need wiki tgt i need wiki](https://image.slidesharecdn.com/11caiseweb-111013091904-phpapp01/95/a-dsl-for-corporate-wiki-initialization-caise11-22-728.jpg)
In this case, you want the PGT to last as long as the session the application is valid otherwise in the middle of the user's application session, the PGT becomes invalid and the backend can't make more PT's and may get stuck. The web application needs to make further RESTful calls on the user's behalf to CAS protected REST endpoints. You are currently subscribed to as: the use cases that I am aware of, the PGT is used in the following way: The user logs into web application (via CAS) and then makes some requests via the web UI. You are currently subscribed to as: unsubscribe, change settings or access archives, see Is there any solution ? How to "synchronize" use of the app (the user session) and PGT expiration.įor now, we made a quick and dirty thing : a periodic call to CAS for PT, without using it, just to keep the PGT alive :-/ It's a bit awkward having to disconnect the user while the user have been active during all this time. When 3 hours later (for example) the app asks for a PT for the webservice, the PGT is expired, and the user MUST be disconnected to get another valid PGT.
![tgt i need wiki tgt i need wiki](https://image.slidesharecdn.com/szymonramczykowski-restapitestingtipsandtricks-170929101351/95/tgt17-restapi-testing-tips-and-tricks-how-to-start-testing-api-of-your-web-application-szymon-ramczykowski-15-638.jpg)
Sometimes the user doesn't use the webservice during, for example 2 hours (TGT/PGT default expiration time), but still use actively the app. The user do his stuff in the app, sometimes calling casified-webservice, thus asking CAS for a PT.
![tgt i need wiki tgt i need wiki](https://static.wikia.nocookie.net/topgear/images/f/f7/John_TGT.jpg)
A user connects to an app, by using a ST.