CAS 5.3.14, saml2 ticket has expired/validate failed


Keith Alston (Staff)

Apr 20, 2021, 12:35:01 PM
to cas-...@apereo.org
Making great progress in trying to get another SAML2 service working. Running into the following error. Why would the ticket be expiring?
Using Hazelcast with only a single node (localhost). And yes, the system time is up to date.

Is there a way to view or flush the ticket registry?

2021-04-20 09:55:04,387 DEBUG [org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider] - <Attributes resolved by the release policy available for selection of username attribute [null] are [{email=[kei...@regent.edu], name=[kei...@regent.edu]}].>
2021-04-20 09:55:04,388 DEBUG [org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket usage count [1] is greater than or equal to [1]. Ticket has expired>
2021-04-20 09:55:04,388 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [serviceTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=serviceTicketsCache, storageTimeout=10, storagePassword=null), order=-2147483648)]>
2021-04-20 09:55:04,388 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [serviceTicketsCache]>
2021-04-20 09:55:04,391 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [ST-2-D5MBUjrRkgeqd7cxVSaIv8S0rz4cas10] from the registry.>
2021-04-20 09:55:04,392 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [serviceTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=serviceTicketsCache, storageTimeout=10, storagePassword=null), order=-2147483648)]>
2021-04-20 09:55:04,392 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [serviceTicketsCache]>
2021-04-20 09:55:04,395 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Tue Apr 20 09:55:04 EDT 2021
CLIENT IP ADDRESS: 10.10.40.12
SERVER IP ADDRESS: 10.10.40.12
=============================================================

>
2021-04-20 09:55:04,395 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating transaction rollback>
2021-04-20 09:55:04,396 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
java.lang.NullPointerException: null
        at java.lang.String$CaseInsensitiveComparator.compare(String.java:1192) ~[?:1.8.0_161]
        at java.lang.String$CaseInsensitiveComparator.compare(String.java:1186) ~[?:1.8.0_161]
        at java.util.TreeMap.getEntryUsingComparator(TreeMap.java:376) ~[?:1.8.0_161]
        at java.util.TreeMap.getEntry(TreeMap.java:345) ~[?:1.8.0_161]
        at java.util.TreeMap.containsKey(TreeMap.java:232) ~[?:1.8.0_161]
        at org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider.resolveUsernameInternal(PrincipalAttributeRegisteredServiceUsernameProvider.java:50) ~[cas-server-core-services-api-5.3.14.jar:5.3.14]

Keith Alston
Regent University
IT Department

Ray Bon

Apr 20, 2021, 1:00:31 PM
to cas-...@apereo.org
Keith,

It looks like the ticket was already used. Check earlier logs.

You may be able to get some more details from these loggers:

        <AsyncLogger name="org.apereo.cas.ticket" level="debug" />

        <AsyncLogger name="org.apereo.cas.util.http.SimpleHttpClient" level="debug" />

        <AsyncLogger name="org.apache.http" level="debug" />

Ray

On Tue, 2021-04-20 at 16:34 +0000, Keith Alston (Staff) wrote:
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
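
The advice above to check earlier logs can be scripted. The following Python sketch is an added example, not part of the original thread or of CAS: it groups log entries by service ticket ID and reports tickets that were removed after reaching the usage-count limit, together with the timestamp at which each ticket was first mentioned. The function names, the sample ticket ID and the first sample entry are constructed, and pairing the expiry message with the next removal entry is an assumption based on the order seen in the posted log.

```python
import re
from collections import defaultdict

# Layout of the lines posted in the thread: "<date> <time> <LEVEL> [<logger>] - <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +\w+ +\[([\w.$]+)\] - <(.*)>$")
TICKET = re.compile(r"\bST-\d+-[A-Za-z0-9-]+")
USAGE = re.compile(r"Ticket usage count \[(\d+)\] is greater than or equal to \[(\d+)\]")

def parse(lines):
    """Yield (timestamp, short logger name, message) for single-line log entries."""
    for raw in lines:
        m = LINE.match(raw.strip())
        if m:  # stack traces and audit banners do not match and are skipped
            yield m.group(1), m.group(2).rsplit(".", 1)[-1], m.group(3)

def ticket_timeline(lines):
    """Map each service ticket ID to the ordered entries that mention it."""
    timeline = defaultdict(list)
    for ts, logger, msg in parse(lines):
        for ticket in sorted(set(TICKET.findall(msg))):
            timeline[ticket].append((ts, logger, msg))
    return dict(timeline)

def exhausted_tickets(lines):
    """Return {ticket: (usage_count, limit, first_seen)}; lines must be a list.

    Assumption: the expiry message does not name the ticket, so it is paired with
    the next "Removing ticket [...]" entry, the order seen in the posted log.
    """
    timeline, pending, found = ticket_timeline(lines), None, {}
    for ts, logger, msg in parse(lines):
        usage = USAGE.search(msg)
        ticket = TICKET.search(msg)
        if usage:
            pending = (int(usage.group(1)), int(usage.group(2)))
        elif pending and ticket and msg.startswith("Removing ticket"):
            found[ticket.group(0)] = pending + (timeline[ticket.group(0)][0][0],)
            pending = None
    return found

# Constructed sample: the first entry is invented; the rest follow the posted format.
SAMPLE = """\
2021-04-20 09:55:03,100 DEBUG [org.example.Constructed] - <constructed entry standing in for an earlier use of [ST-9-CONSTRUCTEDcas10]>
2021-04-20 09:55:04,388 DEBUG [org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket usage count [1] is greater than or equal to [1]. Ticket has expired>
2021-04-20 09:55:04,388 DEBUG [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [serviceTicketsCache]>
2021-04-20 09:55:04,391 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [ST-9-CONSTRUCTEDcas10] from the registry.>
""".splitlines()

if __name__ == "__main__":
    print(exhausted_tickets(SAMPLE))
```

The `first_seen` timestamp is where to start reading the full log for the request that consumed the ticket before the failed validation.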