why is ST added twice? cas 4.1.9 and hazelcast ticket registry

26 views
Skip to first unread message

Yan Zhou

unread,
Feb 28, 2019, 1:43:10 PM2/28/19
to CAS Community
Hello, 

I am debugging an issue that CAS intermittently says that a ST does not exist, and therefore /serviceValidate fails.  I am running cas 4.1.9 on hazelcast ticket registry. I have multiple instances of CAS running behind a load balancer, each CAS process also runs hazelcast embedded as part of CAS.  

I already verified that the time of /serviceValidate is immediately after the ST is granted, and that is the only time ST is validated. Still, intermittently, CAS says ST does not exist. 

I enabled debugging, noticed that the log shows a ST is added twice, first when ST is granted and 2nd when /serviceValidate is called. Why is the 2nd one added again?

Thx!

This is where it shows ST seems to be added twice after enable debug logging. 

casoverlay.log:2019-02-28 18:30:30,233 DEBUG [org.jasig.cas.ticket.registry.HazelcastTicketRegistry] - Adding ticket [ST-1-3t7LPYKicasSiVBs6Rhd-qacasnext03.qa.medplus.com] with ttl [60s]
casoverlay.log:2019-02-28 18:30:30,260 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted ticket [ST-1-3t7LPYKicasSiVBs6Rhd-qacasnext03.qa.medplus.com] for service [https://care360-auto3.qa.medplus.com/care360-admin/Care360SecurityCheck] for user [castempadmin]


casoverlay.log:2019-02-28 18:30:40,018 DEBUG [org.jasig.cas.ticket.registry.HazelcastTicketRegistry] - Adding ticket [ST-1-3t7LPYKicasSiVBs6Rhd-qacasnext03.qa.medplus.com] with ttl [60s]
casoverlay.log:2019-02-28 18:30:40,106 DEBUG [org.jasig.cas.web.QuestServiceValidateController] - Successfully validated service ticket ST-1-3t7LPYKicasSiVBs6Rhd-qacasnext03.qa.medplus.com for service [https://care360-auto3.qa.medplus.com/care360-admin/Care360SecurityCheck]


This following one is my problem, ST does not exist, even though it was just granted. 

casoverlay.log:2019-02-26 17:20:04,362 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted ticket [ST-19-LDMqVJYUuNcgyeisy3F7-qacasnext03.qa.medplus.com] for service [https://care360-auto3.qa.medplus.com/care360-admin/Care360SecurityCheck] for user [asmitaauto3sa]

 


casoverlay.log:2019-02-26 17:20:04,474 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Service ticket [ST-19-LDMqVJYUuNcgyeisy3F7-qacasnext03.qa.medplus.com] does not exist.

 

Notice /serviceValidate was called immediately after the ST is granted


localhost_access_log.2019-02-26.txt:172.18.52.60 - - [26/Feb/2019:17:20:04 +0000] "GET /cas/serviceValidate?ticket=ST-19-LDMqVJYUuNcgyeisy3F7-qacasnext03.qa.medplus.com&service=https%3A%2F%2Fcare360-auto3.qa.medplus.com%2Fcare360-admin%2FCare360SecurityCheck HTTP/1.1" 200 274 "-" "Java/1.6.0_71"



Thx!

Yan

Ray Bon

unread,
Feb 28, 2019, 4:53:03 PM2/28/19
to cas-...@apereo.org
Yan,

I think the second add is really an update to expire the ticket.
Not sure why the ticket cannot be found.

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca
Reply all
Reply to author
Forward
0 new messages