Sorry to revisit this older topic,
I had the impression that the expiration time was not this static.
When a user authenticates into another service does it not extend the expiration for all PGTs previously issued?
For example:
If we have a two hour expiration configured...and
If a user logs into application A at 1:00 then the Authentication object (obtained from the Assertion) returns 1:00, The math can obviously be done to see that the credentials should be valid until 3:00 at which time the PGT that was requested and issued is no longer valid. Also meaning that proxy tickets can no longer be generated from that PGT.
But if the user logs into another CAS enabled application (new service string) at 2:00 then I was under the impression that the expiration would actually be extended until 4:00... even for the PGT generated for application A.
This would mean that application A could generate proxy tickets up until 4:00 now. Correct?
-----------------------------
If this is the case then is there some way to have application A determine or reevaluate how long it's PGT will be valid for?
Thanks for the clarification in advance,
--Mark
Mark Steddom
Northern Arizona University
--
You are currently subscribed to
[hidden email] as:
[hidden email]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
