CAS SLO Unable to remove ticket [ST-...]

[Iker Gil]

Hello!

We have a problem and I hope someone can help us.

I let you the error log, basically we can not perform the Single Logout. 

The problem we have comes when we delete the ST ticket, it shows, Unable to remove ticket [ST-...]

However, it is capable of erasing the TGT ticket.
I do not know what is happening, we have tried everything we have found online and we have not had any luck. Can you help us?

Thank you very much in advance.

<Removing ticket [TGT-***-3-OpdpyYQ-30drQ-V8rkjwQCHODuK-QYo-agSgvHauJlolDzFv9aedgeQhYDRMztm-dNk] from registry...>
DEBUG [org.apereo.cas.DefaultCentralAuthenticationService] - <Ticket found. Processing logout requests and then deleting the ticket...>
INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for [TGT-***-3-OpdpyYQ-30drQ-V8rkjwQCHODuK-QYo-agSgvHauJlolDzFv9aedgeQhYDRMztm-dNk]>
DEBUG [org.apereo.cas.logout.DefaultLogoutManager] - <Handling single logout callback for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing logout request for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]]...>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] supports single logout and is found in the registry as [id=10001000,name=localhost,description=<null>,serviceId=^https://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=<null>,evaluationOrder=0,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy@99bf835[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@f1bde9df[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@16d0dc6b[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@baae77d9[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@acc58972,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@8caa7c4[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@17d9e978[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>]. Proceeding...>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout url [https://localhost/sample/] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating logout request for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout request [org.apereo.cas.logout.DefaultLogoutRequest@8bfde3f[ticketId=ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]] created for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type registered for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] is [BACK_CHANNEL]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating back-channel logout request based on [org.apereo.cas.logout.DefaultLogoutRequest@8bfde3f[ticketId=ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@4423027b[id=https://localhost/sample/,originalUrl=https://localhost/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]>
DEBUG [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-AX95m-4xwhlrPSt1yBFJhmd8" Version="2.0" IssueInstant="2018-05-07T12:58:22Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk</samlp:SessionIndex></samlp:LogoutRequest>]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing logout request for [https://localhost/sample/] to [https://localhost/sample/]>
DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout message to send is [org.apereo.cas.logout.LogoutHttpMessage@98d6adae[url=https://localhost/sample/,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-AX95m-4xwhlrPSt1yBFJhmd8" Version="2.0" IssueInstant="2018-05-07T12:58:22Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded,responseCode=0]]. Sending...>
DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - <Created HTTP post message payload [POST https://localhost/sample/ HTTP/1.1]>
INFO [org.apereo.cas.logout.DefaultLogoutManager] - <[1] logout requests were processed>
DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of ticket [TGT-***-3-OpdpyYQ-30drQ-V8rkjwQCHODuK-QYo-agSgvHauJlolDzFv9aedgeQhYDRMztm-dNk] from the registry.>
DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Unable to remove ticket [ST-2-k36PYFnDfyUmNh0AfOyYxspF9Wk]>
DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [TGT-***-3-OpdpyYQ-30drQ-V8rkjwQCHODuK-QYo-agSgvHauJlolDzFv9aedgeQhYDRMztm-dNk] from the registry.>

[Ray Bon]

Iker,

It looks like the logout message was sent. Was it received and processed by the client?

It could be that the ST was removed earlier or that the ticket was expired and the response from the cache was interpreted by CAS as 'Unable to remove...'.

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca