Threading issues: Service ticket does not exist

47 views

Skip to first unread message

Mark van Rossum

unread,

Feb 15, 2022, 9:55:46 PM2/15/22

to CAS Community

Hi,

I'm upgrading to CAS 6.5.0 with delegated authentication to Azure AD using OAuth.

I'm load testing it using a second CAS instance as a "mock" OAuth end point rather than AAD. We've already hit several bugs [1], [2] on previous releases with threading issues under load.

The load test:

Steps through an OAuth login
Validates the ticket
Obtains a proxy IOU, retrieves the proxy ticket itself, and validates this.
"Logs in" again but this time it already has a SSO session so no OAuth
Validates this ticket.

Release 6.5.0 seemed to fix most problems. My load tests run OK at 500 logins/min but above this I'm getting errors:

WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [xxxxxxxxxxxxx] does not exist.>

And the client gets:

<cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-8315-5xte-xOJmYBrgw1IGLe5Tzqxu20-IT080096' not recognized</cas:authenticationFailure>

This looks similar to the bug [2] where the same ticket was given to multiple clients, and it was then a race which of them validated it first.

CAS doesn't seem to have any sort of issue tracker on Github so I can't see how to raise this, but given the previous bugs it seems likely there are still threading issues.

Has anyone else encountered this, or know of any workaround? I've spent a huge amount of time testing this now, I don't know if we are going to be able to upgrade our CAS instance at all now unless I can find some resolution to this!

Thanks,

Mark van Rossum

[1] https://github.com/apereo/cas/pull/5315

[2] https://github.com/apereo/cas/pull/5350

Ray Bon

unread,

Feb 16, 2022, 10:28:24 PM2/16/22

to cas-...@apereo.org

Mark,

Could this be a problem with the ticket storage system?

Maybe it can not keep up with the load.

Did you try the test using the in memory ticket store?

Ray

On Tue, 2022-02-15 at 08:06 -0800, Mark van Rossum wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

--

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

Reply all

Reply to author

Forward

0 new messages