Single Sign-on (SSO) capabilities at the University of Hawaii are generally provided by either the Apereo Central Authentication Service (CAS) or Shibboleth Identity Provider (IdP).
...
- Successful authentication to CAS issues a TGT to the user which may be used for SSO
- The TGT is stored as a browser session cookie
- TGT idle timeout: 2 hour sliding window
- TGT hard timeout: 8 hours from date of TGT creation
- Each application maintains its own session state *
- Applications may choose to use or ignore the CAS SSO session state
| Info |
|---|
We use default values, which appear to be: # cas.ticket.st.numberOfUses=1 |
Shibboleth IdP Session Management Information
...