CAS 5.2.6 / proxy ticket / mongoDb ticket registry & authn

[Eric D]

Hello,

I'm facing a problem when trying to use the proxy ticket registry.

My configuration is cas 5.2.6 using authentication and ticket registry with mongoDB.

When running cas-sample provided by spring security running on port 8092.

In my application.yml I tried to set this parameter:

cas:

  ticket:

    pt:

      timeToKillInSeconds: 60  

whitout success , I'm stucked, , please have you any suggestion?

See below error log, from cas.log.

=============================================================

WHO: x...@yyy.com

WHAT: PT-14-VMhxnDo1GZlu0NHFTuZS1CnxDS4-PC-BE-ED for http://localhost:8092/cas-sample/secure/

ACTION: PROXY_TICKET_CREATED

APPLICATION: CAS

WHEN: Wed Aug 22 15:14:12 CEST 2018

CLIENT IP ADDRESS: 127.0.0.1

SERVER IP ADDRESS: 127.0.0.1

=============================================================

>

2018-08-22 15:14:12,078 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.ticket.ProxyTicketImpl","@id":1,"id":"PT-14-VMhxnDo1GZlu0NHFTuZS1CnxDS4-PC-BE-ED","grantingTicke...] to deserialize into type [interface org.apereo.cas.ticket.ServiceTicket]. This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Cannot construct instance of `org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy$ProxyTicketExpirationPolicy`, problem: timeToKillInSeconds must be greater than 0.

 at [Source: (String)"{"@class":"org.apereo.cas.ticket.ProxyTicketImpl","@id":1,"id":"PT-14-VMhxnDo1GZlu0NHFTuZS1CnxDS4-PC-BE-ED","grantingTicket":{"@class":"org.apereo.cas.ticket.ProxyGrantingTicketImpl","@id":2,"id":"PGT-7-*********************************************************08XHuZcLZ4-PC-BE-ED","proxiedBy":{"@class":"org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl","id":"http://localhost:8092/cas-sample/j_spring_cas_security_check","originalUrl":"http://localhost:8092/cas-sample/j_sprin"[truncated 9901 chars]; line: 1, column: 7364] (through reference chain: org.apereo.cas.ticket.ProxyTicketImpl["expirationPolicy"])]>

2018-08-22 15:14:12,079 ERROR [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Failed fetching [PT-14-VMhxnDo1GZlu0NHFTuZS1CnxDS4-PC-BE-ED]: [java.lang.RuntimeException: org.apereo.cas.ticket.ProxyTicketImpl]>

2018-08-22 15:14:12,079 ERROR [org.apereo.cas.web.AbstractServiceValidateController] - <Failed to create proxy granting ticket due to an invalid ticket for [http://localhost:8092/cas-sample/j_spring_cas_security_proxyreceptor]>

org.apereo.cas.ticket.InvalidTicketException: PT-14-VMhxnDo1GZlu0NHFTuZS1CnxDS4-PC-BE-ED

at org.apereo.cas.AbstractCentralAuthenticationService.verifyTicketState(AbstractCentralAuthenticationService.java:264) ~[cas-server-core-5.2.6.jar!/:5.2.6]

at org.apereo.cas.AbstractCentralAuthenticationService.getTicket(AbstractCentralAuthenticationService.java:173) ~[cas-server-core-5.2.6.jar!/:5.2.6]

at org.apereo.cas.AbstractCentralAuthenticationService$$FastClassBySpringCGLIB$$ba3315a1.invoke(<generated>) ~[cas-server-core-5.2.6.jar!/:5.2.6]

at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.16.RELEASE.jar!/:4.3.16.RELEASE]

[Eric D]

I've looking for MultiTimeUseOrTimeoutExpirationPolicy in the Proxy ticket collections and here is what i found:

`

"expirationPolicy":{

"@class":"org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy$ProxyTicketExpirationPolicy",

"numberOfUses":1,

"name":"ProxyTicketExpirationPolicy-27f631c4-f583-4d0b-b29a-6af4ba6f5ff4",

"timeToLive":10,

"currentSystemTime":1534931639.53

},

`

there's no timeToKillSeconds properties, probably be the reason why there's the message

[Cannot construct instance of org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy$ProxyTicketExpirationPolicy, problem: timeToKillInSeconds must be greater than 0.

Could this be related to a bug, or a misconfiguration?

Any suggestion are welcome.