Vikash, I would think it unlikely that cas is creating duplicate ST, since most of the ST is randomly generated. Perhaps something between cas and the browser is re-sending? Cas logs will show 'creating/validating service ticket' messages. Check logs of apache and the load balancer.
Ray On Sat, 2022-08-13 at 07:13 +0530, Vikash Chandra Ansh wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Thanks Ray for your quick response. But in my case sometime,same ST is getting forwarded to client side multiple time one with 302 response and rest other with 401. Could you please guide why this is happening? Yes i have NLB on top of my CAS Apache Web server on which sticky session is enabled. On Fri, Aug 12, 2022, 8:42 PM Ray Bon <r...@uvic.ca<mailto:r...@uvic.ca>> wrote: Vikash, I assume you have a load balancer in front of the Apache Web servers that is setting the sticky sessions. I also assume that multiple new ST are being created, not that your service application is sending the same ST multiple times. The application sends the ST to Cas directly, not through the browser. So the application gets its own sticky session which is likely to be on a different Apache server than the one the user's browser is on. Thus you need a ticket storage system that is shared by both Cas servers. I found that ehCache did not replicate fast enough so I switched to hazelcast. Other cache systems may work, same with a database. Ray On Fri, 2022-08-12 at 17:14 +0530, Vikash Chandra Ansh wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Team. I have encountered a strange issue. I have integrated an application with CAS. During authentication sometime, same ST is getting generated multiple times. One ST one getting validated and rest are 401. As per the logs from my integrated application, I can see same ST is generated 6 to 8 times and received validation request back on both of the CAS app servers. Ideally it should go on only one of the server for validation.and Regards Here my CAS is hosted on two app servers and on top of it two Apache Web servers are there. It's confirmed that sticky session is also enabled. Currently CAS version I am using is 5.2.9 Thanks Vikash Chandra -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5b9a50575d454a139aee5d1a7190442afe8e669b.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/5b9a50575d454a139aee5d1a7190442afe8e669b.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5050d2b2abc4ee2f250133bafd205745444a866a.camel%40uvic.ca.
