CAS 6.3 got InvalidTicketException when I stay on login page more than 5 minutes

25 views
Skip to first unread message

He Vincent

unread,
Oct 14, 2021, 11:10:14 PM10/14/21
to CAS Community
I waited for more than 5 minues at the login page, then I login as normal, it will got error:

CAS is unable to process this request: "500:Internal Server Error"

org.apereo.cas.ticket.InvalidTicketException at org.apereo.cas.DefaultCentralAuthenticationService.validateServiceTicket(DefaultCentralAuthenticationService.java:225) at org.apereo.cas.DefaultCentralAuthenticationService$$FastClassBySpringCGLIB$$b02e48f2.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88) at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135) at jdk.internal.reflect.GeneratedMethodAccessor245.invoke(Unknown Source)

He Vincent

unread,
Oct 14, 2021, 11:28:18 PM10/14/21
to CAS Community, He Vincent
CAS Protocol has no such issue. It got this issue when I use SAML, OAuth2 or OIDC.

Jeremiah Garmatter

unread,
Oct 15, 2021, 11:44:04 AM10/15/21
to CAS Community, He Vincent
I had this issue with SAML as well. The issue appeared when I used the embedded web server, after deploying externally to apache tomcat, I no longer have this problem. CAS 6.3.4, Tomcat 9.0.46

He Vincent

unread,
Oct 17, 2021, 9:14:47 PM10/17/21
to CAS Community, j-gar...@onu.edu, He Vincent
Thank, I will try to deploy it with tomcat later.

He Vincent

unread,
Oct 19, 2021, 3:31:15 AM10/19/21
to CAS Community, He Vincent, j-gar...@onu.edu
I deployed it to external tomcat, it resolved the issue partially. It will got the same issue after 30 minutes.

He Vincent

unread,
Oct 19, 2021, 4:40:36 AM10/19/21
to CAS Community, He Vincent, j-gar...@onu.edu
I think I may find the RCA, it is due to the tomcat session-timeout.
    <session-config>
<session-timeout>30</session-timeout>
</session-config>
In external tomcat, it is 30 minutes by default. It may be set to 5 minutes for embedded tomcat.


He Vincent在 2021年10月18日星期一上午9:14:47 [UTC+8]寫道:

Jeremiah Garmatter

unread,
Oct 19, 2021, 9:44:10 AM10/19/21
to CAS Community, He Vincent
I have that set to 30 as well, but when I wait for 35 minutes I can still log in. One time I left it open for hours and was able to log in still. Using Chrome browser v94.0.4606.81

He Vincent

unread,
Oct 19, 2021, 9:09:17 PM10/19/21
to CAS Community, j-gar...@onu.edu, He Vincent
It is very strange, I set session-timeout to 3 minutes for testing, it will get the issue after 3 minutes.
Here is my configure:
Chrome 95.0.4638.54
nginx 1.18.0 as the reverse proxy at port 443.
Tomcat 9.0.54 at port 8443 with  protocol="org.apache.coyote.http11.Http11NioProtocol"  and SSLEnabled="true"
cas 6.3.7 with SAML OAUTH and OIDC
gradle.properties with appServer= since I use external tomcat.
Reply all
Reply to author
Forward
0 new messages