[cas-user] CAS 6.3 got InvalidTicketException when I stay on login page more than 5 minutes

2 views
Skip to first unread message

He Vincent

unread,
Oct 14, 2021, 11:10:16 PMOct 14
to CAS Community
I waited for more than 5 minues at the login page, then I login as normal, it will got error:

CAS is unable to process this request: "500:Internal Server Error"

org.apereo.cas.ticket.InvalidTicketException at org.apereo.cas.DefaultCentralAuthenticationService.validateServiceTicket(DefaultCentralAuthenticationService.java:225) at org.apereo.cas.DefaultCentralAuthenticationService$$FastClassBySpringCGLIB$$b02e48f2.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88) at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135) at jdk.internal.reflect.GeneratedMethodAccessor245.invoke(Unknown Source)

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff53cc06-38df-4c2f-94a1-5c92eebe88bcn%40apereo.org.

He Vincent

unread,
Oct 14, 2021, 11:28:20 PMOct 14
to CAS Community, He Vincent
CAS Protocol has no such issue. It got this issue when I use SAML, OAuth2 or OIDC.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57c47819-d306-4038-9edd-efba9abeadcdn%40apereo.org.

Jeremiah Garmatter

unread,
Oct 15, 2021, 11:44:06 AMOct 15
to CAS Community, He Vincent
I had this issue with SAML as well. The issue appeared when I used the embedded web server, after deploying externally to apache tomcat, I no longer have this problem. CAS 6.3.4, Tomcat 9.0.46
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/34018e0e-5781-4ad1-b2a2-ffea7ff9df09n%40apereo.org.

He Vincent

unread,
Oct 17, 2021, 9:14:49 PMOct 17
to CAS Community, j-gar...@onu.edu, He Vincent
Thank, I will try to deploy it with tomcat later.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b485f-0609-48c1-a510-a1c75fe4f32cn%40apereo.org.

He Vincent

unread,
Oct 19, 2021, 3:31:17 AMOct 19
to CAS Community, He Vincent, j-gar...@onu.edu
I deployed it to external tomcat, it resolved the issue partially. It will got the same issue after 30 minutes.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ce8b03d-b357-4cc7-9416-d42f500119a1n%40apereo.org.

He Vincent

unread,
Oct 19, 2021, 4:40:37 AMOct 19
to CAS Community, He Vincent, j-gar...@onu.edu
I think I may find the RCA, it is due to the tomcat session-timeout.
    <session-config>
<session-timeout>30</session-timeout>
</session-config>
In external tomcat, it is 30 minutes by default. It may be set to 5 minutes for embedded tomcat.


He Vincent在 2021年10月18日星期一上午9:14:47 [UTC+8]寫道:
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6f01449b-813e-4b36-b745-1b9236eb4f04n%40apereo.org.

Jeremiah Garmatter

unread,
Oct 19, 2021, 9:44:13 AMOct 19
to CAS Community, He Vincent
I have that set to 30 as well, but when I wait for 35 minutes I can still log in. One time I left it open for hours and was able to log in still. Using Chrome browser v94.0.4606.81
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ed892cfc-7fa5-4649-a8c3-b5c5a64d20bdn%40apereo.org.

He Vincent

unread,
Oct 19, 2021, 9:09:19 PMOct 19
to CAS Community, j-gar...@onu.edu, He Vincent
It is very strange, I set session-timeout to 3 minutes for testing, it will get the issue after 3 minutes.
Here is my configure:
Chrome 95.0.4638.54
nginx 1.18.0 as the reverse proxy at port 443.
Tomcat 9.0.54 at port 8443 with  protocol="org.apache.coyote.http11.Http11NioProtocol"  and SSLEnabled="true"
cas 6.3.7 with SAML OAUTH and OIDC
gradle.properties with appServer= since I use external tomcat.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3a9440f8-7e27-4e66-b6e6-9c5768256988n%40apereo.org.
Reply all
Reply to author
Forward
0 new messages