CAS temporary tickets should have a short expiration time
Summary
CAS specification states:
CAS SHOULD expire unvalidated service tickets in a reasonable period of time
after they are issued. If a service presents an expired service ticket for
validation, CAS MUST respond with a validation failure response.
It is RECOMMENDED that the duration a service ticket is valid before it expires
be no longer than five minutes. Local security and CAS usage considerations MAY
determine the optimal lifespan of unvalidated service tickets.
Currently, CAS tickets (ST, PT) are valid for the entire session duration.
Design proposition
Add a timeout option for those ticket types, default 5 minutes as recommended by the CAS spec