CAS 6.3 got InvalidTicketException when I stay on login page more than 5 minutes
47 views
Skip to first unread message
He Vincent
Oct 14, 2021, 11:10:14 PM10/14/21
to CAS Community
I waited for more than 5 minues at the login page, then I login as normal, it will got error:
org.apereo.cas.ticket.InvalidTicketException
at org.apereo.cas.DefaultCentralAuthenticationService.validateServiceTicket(DefaultCentralAuthenticationService.java:225)
at org.apereo.cas.DefaultCentralAuthenticationService$$FastClassBySpringCGLIB$$b02e48f2.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135)
at jdk.internal.reflect.GeneratedMethodAccessor245.invoke(Unknown Source)
He Vincent
Oct 14, 2021, 11:28:18 PM10/14/21
to CAS Community, He Vincent
CAS Protocol has no such issue. It got this issue when I use SAML, OAuth2 or OIDC.
Jeremiah Garmatter
Oct 15, 2021, 11:44:04 AM10/15/21
to CAS Community, He Vincent
I had this issue with SAML as well. The issue appeared when I used the embedded web server, after deploying externally to apache tomcat, I no longer have this problem. CAS 6.3.4, Tomcat 9.0.46
He Vincent
Oct 17, 2021, 9:14:47 PM10/17/21
to CAS Community, j-gar...@onu.edu, He Vincent
Thank, I will try to deploy it with tomcat later.
He Vincent
Oct 19, 2021, 3:31:15 AM10/19/21
to CAS Community, He Vincent, j-gar...@onu.edu
I deployed it to external tomcat, it resolved the issue partially. It will got the same issue after 30 minutes.
He Vincent
Oct 19, 2021, 4:40:36 AM10/19/21
to CAS Community, He Vincent, j-gar...@onu.edu
I think I may find the RCA, it is due to the tomcat session-timeout.
<session-config>
<session-timeout>30</session-timeout>
</session-config>
In external tomcat, it is 30 minutes by default. It may be set to 5 minutes for embedded tomcat.
He Vincent在 2021年10月18日星期一上午9:14:47 [UTC+8]寫道:
Jeremiah Garmatter
Oct 19, 2021, 9:44:10 AM10/19/21
to CAS Community, He Vincent
I have that set to 30 as well, but when I wait for 35 minutes I can still log in. One time I left it open for hours and was able to log in still. Using Chrome browser v94.0.4606.81
He Vincent
Oct 19, 2021, 9:09:17 PM10/19/21
to CAS Community, j-gar...@onu.edu, He Vincent
It is very strange, I set session-timeout to 3 minutes for testing, it will get the issue after 3 minutes.
Here is my configure:
Chrome 95.0.4638.54
nginx 1.18.0 as the reverse proxy at port 443.
Tomcat 9.0.54 at port 8443 with protocol="org.apache.coyote.http11.Http11NioProtocol" and SSLEnabled="true"
cas 6.3.7 with SAML OAUTH and OIDC
gradle.properties with appServer= since I use external tomcat.
Reply all
Reply to author
Forward
0 new messages