Testing CAS 6.6.8.

I have STs persisted to a Postgres DB.

User logs in, and I see the ticket created in the CAS logs. Then I see in the browser a 
redirect with a SAMLart query parameter with the same ticket and a 500.

CAS logs then show the ticket is invalid even though the ST was created within the 
same second and this is the first time it is being used:
  WHO: audit:unknown
  WHAT: {ticket=ST-AAHJiT+kQbIMdHbOBFu0HYQw8IWXSOsHmkv0HGmNGYU6zeAGd04MwG8u, service=https://www.xxx.com/myapp/api/user/profile}
  ACTION: SERVICE_TICKET_VALIDATE_FAILED
  APPLICATION: CAS
  WHEN: Fri Aug 18 13:54:51 MST 2023
  CLIENT IP ADDRESS: xxx.xx.xxx.xxx
  SERVER IP ADDRESS: www.xxx.com

And throws back a denied SAML response:

[<?xml version="1.0" encoding="UTF-8"?><saml1p:Response xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="_ec2e5252a76f05a00f75d5b7a97f5a65" IssueInstant="2023-08-18T20:54:29.255Z" MajorVersion="1" MinorVersion="1" ResponseID="_8c3c28ff013ed82e1dc573a02b7a949b">
    <saml1p:Status>
        <saml1p:StatusCode Value="saml1p:RequestDenied"/>
        <saml1p:StatusMessage>Ticket 'ST-AAHJiT+kQbIMdHbOBFu0HYQw8IWXSOsHmkv0HGmNGYU6zeAGd04MwG8u' not recognized</saml1p:StatusMessage>
    </saml1p:Status>
</saml1p:Response>
]

I have about 6 async API calls behind CAS, and the first call to them triggers a 
service ticket. What could be causing this? I thought maybe there was a 
delay, so I tried using an in-memory DB for tickets, but the issue is still there. 
Could many requests for STs be clobbering other tickets before the others 
get validated first?

-psv
