Misagh, I've looked at the docs and increased the the service ticket timeout to 30 seconds: st.timeToKillInSeconds=30
Now I am no longer receiving the too many redirect errors and am able to login to my service and management web application but I am confused about something. 1. I was able to confirm that node1 is the only one having the problem (I have all my logs set to debug) and the nodes should be the same and I can't figure out why I need to increase the st ttl on node1 but not node2. 2. Node1 and node2 share ticket registries so I don't believe it is a problem with that. Any insight would be helpful, Thanks for your help. On Tuesday, August 2, 2016 at 4:18:58 PM UTC-4, Misagh Moayyed wrote: > > See > https://apereo.github.io/cas/4.2.x/installation/Troubleshooting-Guide.html > > On Tuesday, August 2, 2016 at 11:49:49 AM UTC-7, John Stevens II wrote: >> >> I have a problem that randomly happens, after hitting my service url >> successfully I get redirected to CAS login page, I login successfully and >> get redirected to my service but the service fails to load with the browser >> error "*performance.example.com <http://performance.example.com>* redirected >> you too many times." >> >> Setup: >> 2 Active node servers behind F5 lb w/ source afffinity >> shared couchbase ticket and service registry >> >> When the issue occurs in the logs the service tickets are created on one >> server and are validated on the other server (fails validation) >> >> CAS Server 1 (cas1.example.com): >> >> ============================================================= >> WHO: user1 >> WHAT: Supplied credentials: [user1] >> ACTION: AUTHENTICATION_SUCCESS >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> > >> 2016-08-02 14:35:07,579 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: TGT-********************************************** >> OsqfxL4sVn-cas1.example.com >> ACTION: TICKET_GRANTING_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> > >> 2016-08-02 14:35:07,600 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ >> ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com] for service [ >> http://performance.example.com/cas/login/] and principal [user1]> >> 2016-08-02 14:35:07,608 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: user1 >> WHAT: ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com for >> http://performance.example.com/cas/login/ >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> > >> 2016-08-02 14:35:07,706 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ >> ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com] for service [ >> http://performance.example.com/cas/login/] and principal [user1]> >> 2016-08-02 14:35:07,710 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: user1 >> WHAT: ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com for >> http://performance.example.com/cas/login/ >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> > >> 2016-08-02 14:35:07,803 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ >> ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com] for service [ >> http://performance.example.com/cas/login/] and principal [user1]> >> 2016-08-02 14:35:07,807 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: user1 >> WHAT: ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com for >> http://performance.example.com/cas/login/ >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> > >> 2016-08-02 14:35:07,895 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ >> ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com] for service [ >> http://performance.example.com/cas/login/] and principal [user1]> >> 2016-08-02 14:35:07,899 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: user1 >> WHAT: ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com for >> http://performance.example.com/cas/login/ >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> > >> 2016-08-02 14:35:07,983 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ >> ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com] for service [ >> http://performance.example.com/cas/login/] and principal [user1]> >> 2016-08-02 14:35:07,987 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: user1 >> WHAT: ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com for >> http://performance.example.com/cas/login/ >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:07 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.142 >> ============================================================= >> >> >> >> CAS Server 2 (cas2.example.com): >> >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-2-IKC4I2uigDw5DwcrMAkI-cas2.example.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:10 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.143 >> ============================================================= >> >> > >> 2016-08-02 14:35:22,082 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ >> ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com] has expired.> >> 2016-08-02 14:35:22,091 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:22 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.143 >> ============================================================= >> >> > >> 2016-08-02 14:35:22,174 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ >> ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com] has expired.> >> 2016-08-02 14:35:22,181 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:22 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.143 >> ============================================================= >> >> > >> 2016-08-02 14:35:22,274 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ >> ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com] has expired.> >> 2016-08-02 14:35:22,281 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:22 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.143 >> ============================================================= >> >> > >> 2016-08-02 14:35:22,364 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ >> ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com] has expired.> >> 2016-08-02 14:35:22,370 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:22 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.143 >> ============================================================= >> >> > >> 2016-08-02 14:35:22,579 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ >> ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com] has expired.> >> 2016-08-02 14:35:22,591 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Tue Aug 02 14:35:22 EDT 2016 >> CLIENT IP ADDRESS: 192.168.0.100 >> SERVER IP ADDRESS: 192.168.21.143 >> ============================================================= >> >> >> >> >> -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e4aeea7c-542d-44ea-b0c8-ab4f39b4cca9%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
