Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was at 2015-11-03 16:38:15. That’s a 10-second difference. Its by default expire at 10 seconds. So you may want to increase your ST timeout.
- Misagh > On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <[email protected]> wrote: > > I saw the link but it is for other class. And i assumed it so. But why my > duplicated aservice ticket is expired within a second. > ________________________________________ > From: Misagh Moayyed [[email protected]] > Sent: Tuesday, November 03, 2015 5:17 PM > To: [email protected] > Subject: RE: [cas-user] ehcache and Service Ticket Validation fails > > Seconds: > http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- > > > From: Song, Doe-Hyun [mailto:[email protected]] > Sent: Tuesday, November 3, 2015 3:06 PM > To: [email protected] > Subject: RE:[cas-user] ehcache and Service Ticket Validation fails > > BTW, this is the one copied from 4.1 document. > > <bean id="serviceTicketsCache" > class="org.springframework.cache.ehcache.EhCacheFactoryBean" > parent="abstractTicketCache" > p:cacheName="cas_st" > p:timeToIdle="0" > p:timeToLive="300" > p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" /> > > Log shows copied ServiceTicket is expired. I can not find the timeToLive > information from EhCacheFactoryBean document. Is it millisecond instead of > second? If so, what value should I set instead of 300? > > 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. > > > From: Song, Doe-Hyun > Sent: Tuesday, November 03, 2015 4:57 PM > To: [email protected]<mailto:[email protected]> > Subject: [cas-user] ehcache and Service Ticket Validation fails > > I am using 4.1 and installed ehcache for two cas servers. It is quiet random > – fail sometimes and succeed sometimes. > > There are two servers and server1 creates TGT and ST successfully. Server2 > tries to validate ST and fails. The following is both servers’ logs. > > Interestingly, I can see cas_st.data file is always 0 size no matter what > validate fails or succeeds. > > > Server1 > > 2015-11-03 16:38:04,958 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > LdapAuthenticationHandler successfully authenticated temp+password > 2015-11-03 16:38:04,973 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > Authenticated temp with credentials [temp+password]. > 2015-11-03 16:38:04,976 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:04,976 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:04,985 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp+password > WHAT: > TGT-**********************************************GsFfWjbxN6-cas.server.net > ACTION: TICKET_GRANTING_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:04,985 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp+password > WHAT: > TGT-**********************************************GsFfWjbxN6-cas.server.net > ACTION: TICKET_GRANTING_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:05,546 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > LdapAuthenticationHandler successfully authenticated temp+password > 2015-11-03 16:38:05,549 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > Authenticated temp with credentials [temp+password]. > 2015-11-03 16:38:05,550 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:05 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:05,550 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:05 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:05,573 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put > updated, deleted 0 on heap > 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put > updated, deleted 0 on disk > 2015-11-03 16:38:05,578 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:05,578 DEBUG > [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL > //apparms01q:41001/cas_st > 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:05,610 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - Granted ticket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] for service > [https://apparms.server.net/] for user [temp] > 2015-11-03 16:38:05,617 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp > WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net for https://apparms.server.net/ > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:05 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:05,617 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: temp > WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net for https://apparms.server.net/ > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:05 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > ============================================================= > > > 2015-11-03 16:38:05,856 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - > RMICachePeer for cache cas_st: remote remove received for key: > ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net > 2015-11-03 16:38:05,878 DEBUG [net.sf.ehcache.store.disk.Segment] - remove > deleted 0 from heap > 2015-11-03 16:38:05,879 DEBUG [net.sf.ehcache.store.disk.Segment] - remove > deleted 0 from disk > 2015-11-03 16:38:12,889 DEBUG > [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL > //apparms01q:41001/cas_tgt > > > Server 2. > > 2015-11-03 16:38:15,494 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:15,496 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - > RMICachePeer for cache cas_st: remote put received. Element is: [ key = > ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, > value=ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, version=1, hitCount=0, > CreationTime = 1446586686000, LastAccessTime = 1446586695494 ] > 2015-11-03 16:38:15,498 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:15,498 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. > 2015-11-03 16:38:15,730 DEBUG [net.sf.ehcache.store.disk.Segment] - remove > deleted 0 from heap > 2015-11-03 16:38:15,730 DEBUG [net.sf.ehcache.store.disk.Segment] - remove > deleted 0 from disk > 2015-11-03 16:38:15,731 DEBUG > [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL > //apparms02q:41003/cas_st > 2015-11-03 16:38:15,801 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net > ACTION: SERVICE_TICKET_VALIDATE_FAILED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:15 EST 2015 > CLIENT IP ADDRESS: 126.90.100.137 > SERVER IP ADDRESS: 126.90.100.139 > ============================================================= > > > 2015-11-03 16:38:15,801 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net > ACTION: SERVICE_TICKET_VALIDATE_FAILED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:15 EST 2015 > CLIENT IP ADDRESS: 126.90.100.137 > SERVER IP ADDRESS: 126.90.100.139 > ============================================================= > > > 2015-11-03 16:38:22,804 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:22,806 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - > RMICachePeer for cache cas_tgt: remote put received. Element is: [ key = > TGT-**********************************************GsFfWjbxN6-cas.server.net, > value=TGT-**********************************************GsFfWjbxN6-cas.server.net, > version=1, hitCount=0, CreationTime = 1446586685000, LastAccessTime = > 1446586702804 ] > 2015-11-03 16:38:22,807 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:22,807 DEBUG [net.sf.ehcache.store.disk.Segment] - put > updated, deleted 0 on heap > 2015-11-03 16:38:22,808 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - > RMICachePeer for cache cas_tgt: remote put received. Element is: [ key = > TGT-**********************************************GsFfWjbxN6-cas.server.net, > value=TGT-**********************************************GsFfWjbxN6-cas.server.net, > version=1, hitCount=0, CreationTime = 1446586686000, LastAccessTime = > 1446586702807 ] > 2015-11-03 16:38:22,808 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > installation failed, deleted 0 from heap > 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > installation failed deleted 0 from disk > 2015-11-03 16:38:22,813 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:22,815 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > > > > -- > > You are currently subscribed to > [email protected]<mailto:[email protected]> as: > [email protected]<mailto:[email protected]> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > The information contained in this e-mail and any attachments is confidential > and > > intended only for the recipient. If you are not the intended recipient, the > > information contained in this message may not be used, copied, or forwarded to > > third parties or otherwise distributed for any other purpose. Please notify > the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to form > the > > basis of a contractual or any other legally binding obligation unless > separately > > confirmed in writing by an authorized representative of ARMADA. > > > > -- > > You are currently subscribed to > [email protected]<mailto:[email protected]> as: > [email protected]<mailto:[email protected]> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > The information contained in this e-mail and any attachments is confidential > and > > intended only for the recipient. If you are not the intended recipient, the > > information contained in this message may not be used, copied, or forwarded to > > third parties or otherwise distributed for any other purpose. Please notify > the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to form > the > > basis of a contractual or any other legally binding obligation unless > separately > > confirmed in writing by an authorized representative of ARMADA. > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > The information contained in this e-mail and any attachments is confidential > and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or forwarded to > third parties or otherwise distributed for any other purpose. Please notify > the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to form > the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
