TerminateWebSessionListener issue

Linda Toth

Nov 3, 2016, 5:48:33 PM
to CAS Community
I think this issue contributed to CAS failing 10/31.  I noticed that it was opened as early as 2012 for 3.5.1, and there were several other reports of the same issue.

I have been searching through the forums to find suggested parameter settings to resolve the issue.  Does anyone have any insight into this?

Linda


Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775

Linda Toth

Nov 3, 2016, 7:13:55 PM
to CAS Community
Hello

I focused on the test environment, which has fewer users, making it easier to trace a particular user session.  I was finally able to track down the meaning of this exception in my logs, although the result was not what I expected.

In the cas.log for 11/2/2015 on our TEST environment, I found references to a Ticket Granting ticket, TGT-7-q699ZXxfKNPnHU1X9d3zBXfOKwXfLTZLaWQXplYhxX6pv9gauL-cas-test.alaska.edu

Today, 11/3, that ticket was still in memory so when the same user logged in, it first attempted to get that ticket, found the FlowSession had expired, then issued another ticket.  This is creating a phenomenon whereby a user gets the successful login page, rather than the target URL.  If the user backspaces or tries to enter the URL, a new TGT is granted, followed by the service ticket.

I confirmed with the EAS staff member that in fact he did receive that message today when he logged into BEIS TEST.

The parameters on this system are not set for over 24 hours.  Why is that ticket still active in memory?

Here are the parameters as they are currently set:

    <!-- Expiration policies -->
    <util:constant id="SECONDS" static-field="java.util.concurrent.TimeUnit.SECONDS"/>

    <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
          c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:30}" c:timeUnit-ref="SECONDS"/>

    <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
    <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
    <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
          p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:30000}"
          p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>


Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775
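
Added example (not part of the original post and not CAS code): a small Python model of the two timeouts in the posted `grantingTicketExpirationPolicy`, with the `${name:default}` placeholders resolved the Spring way, where a property that is set overrides the default after the colon. It assumes the hard timeout is measured from ticket creation and the idle timeout from last use, as the comment in the configuration describes; the timestamps and the override values are constructed.

```python
import re

# Attribute values exactly as posted in the thread (Spring placeholders).
POSTED = {
    "maxTimeToLiveInSeconds": "${tgt.maxTimeToLiveInSeconds:30000}",
    "timeToKillInSeconds": "${tgt.timeToKillInSeconds:7200}",
}
PLACEHOLDER = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")


def resolve(value, properties):
    """Resolve ${name:default}; a property that is set wins over the default."""
    m = PLACEHOLDER.fullmatch(value)
    if m is None:
        return int(value)  # literal value, no placeholder
    name, default = m.groups()
    if name in properties:
        return int(properties[name])
    if default is None:
        raise KeyError(f"{name} is not set and has no default")
    return int(default)


def effective_policy(properties):
    """Timeouts actually in force for a given set of loaded properties."""
    return {key: resolve(value, properties) for key, value in POSTED.items()}


def tgt_state(policy, created, last_used, now):
    """Classify a ticket-granting ticket; all times are in seconds."""
    if now - created >= policy["maxTimeToLiveInSeconds"]:
        return "expired: hard timeout"
    if now - last_used >= policy["timeToKillInSeconds"]:
        return "expired: idle timeout"
    return "valid"


if __name__ == "__main__":
    DAY = 86400
    # Constructed timeline: created at t=0, last used 30 minutes later,
    # looked up again one day after creation.
    constructed_overrides = {"tgt.maxTimeToLiveInSeconds": "172800",
                             "tgt.timeToKillInSeconds": "172800"}
    for props in ({}, constructed_overrides):
        policy = effective_policy(props)
        print(policy, "->", tgt_state(policy, 0, 1800, DAY))
```

With the posted defaults in force, a ticket looked up a day after creation is classified as expired by the hard timeout; it is only valid in this model if the properties file overrides both values to more than 24 hours.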

