Single Sign-on (SSO) capabilities at the University of Hawaii are generally provided by either the Apereo Central Authentication Service (CAS) or Shibboleth Identity Provider (IdP).
...
The primary responsibility of the CAS server is to authenticate (AuthN) users and grant access to CAS-enabled services, commonly called CAS clients, by issuing and validating tickets. A CAS SSO session is created when the server issues a Ticket Granting Ticket (TGT) to the user upon successful login.
- Ticket-Granting Ticket (TGT)
- Successful authentication to CAS issues a TGT to the user which may be used for SSO
- The TGT is stored as a browser session cookie
- TGT idle timeout: 2 hour sliding window
- TGT hard timeout: 8 hours from date of TGT creation
- Successful authentication to CAS issues a TGT to the user which may be used for SSO
- Session Management
- Each application maintains its own session state. *
- Applications may choose to use or ignore the CAS SSO session state
...
We use default values, which appear to be:
...
- .
...
Shibboleth IdP Session Management Information
...