I have a strange problem with my installation of CAS. Recently we activated the RememberMe functionality with a 3-month validity of the ticket on RememberMe.
When the session of my client application expires I get sent back to CAS at
https://urlOfmyCas/login?service=urlOfClient
Even though the CASTGC cookie is there and valid, CAS shows me the login page again. If I invoke the URL above without the service parameter, I get redirected to the "Login-Success" page, so CAS knows that I'm logged in.
I would expect CAS to check the cookie, log me in and send me back to my client application unless I send the renew parameter.
Did I mess up something in my CAS installation, or is this expected behaviour?
Today it finally seems like I found the answer.
CAS creates a long-term ticket with a validity of 3 months (no matter what you specify as the expiration timeout in your ticketExpirationPolicies.xml). The value specified in the documentation for rememberMeExpirationPolicy is for the ticketCleaner only. So even if the cookie is still there, the cleaner could potentially already have dismissed the TGT in the ticket registry.
If you call /login without the service parameter, the system only checks if there is a TGT id in the cookie without checking the ticket registry, so that's why it shows the success-login page, which confused me a bit.
What put me into trouble was that I assumed that the expiration values used in org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy are in SECONDS too (like it is in the default configuration); however, this class needs the values in MILLISECONDS.
I should have checked that, but as I tried to set it to 3 months and the ticket has a 3-month validity (so I thought I was getting what I wanted), together with the strange behaviour mentioned in the paragraph above... my mistake in the end.
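As an added illustration of the unit mix-up described in the answer above (this is not from the original post and not the CAS project's own shipped configuration), here is what a Spring bean definition for the delegating policy looks like once the remember-me timeout is expressed in milliseconds. The bean id, the sessionExpirationPolicy / rememberMeExpirationPolicy property names and the TicketGrantingTicketExpirationPolicy property names are assumptions based on CAS 3.x and should be checked against the classes in the installed version.

```xml
<!-- Added example, not from the original post. Bean id and property names
     are assumptions; verify them against your CAS version's
     RememberMeDelegatingExpirationPolicy and TicketGrantingTicketExpirationPolicy. -->
<bean id="grantingTicketExpirationPolicy"
      class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy">

    <!-- Sessions without remember-me keep the usual TGT policy.
         Assumed to match the stock CAS 3.x defaults, which are in SECONDS:
         8 h maximum lifetime, 2 h idle timeout. -->
    <property name="sessionExpirationPolicy">
        <bean class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy">
            <property name="maxTimeToLive" value="28800" />
            <property name="timeToKill" value="7200" />
        </bean>
    </property>

    <!-- Remember-me sessions: TimeoutExpirationPolicy takes its single
         constructor argument in MILLISECONDS.
         Wrong: 7776000 (90 days in seconds) is read as 7,776,000 ms,
                so the TGT idles out after roughly 2 hours 10 minutes,
                long before the 3-month CASTGC cookie does.
         Right: 90 days * 24 h * 3600 s * 1000 ms = 7776000000 -->
    <property name="rememberMeExpirationPolicy">
        <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
            <constructor-arg index="0" value="7776000000" />
        </bean>
    </property>
</bean>
```

This would replace the default grantingTicketExpirationPolicy bean in ticketExpirationPolicies.xml. A quick sanity check after deploying: log in with remember-me, wait longer than the non-remember-me idle timeout, then hit /login?service=... and confirm you are redirected back to the service without a login form; if the form appears while the CASTGC cookie is still present, the TGT has already been dropped from the registry and the timeout value (or its unit) is still wrong.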