Riccardo,

The ticket granting ticket destroyed is the result of the stale session. Your 
browser has a TGC from the old session and sends it to CAS. CAS finds the 
expired TGT and discards it from the ticket store. CAS then initiates a new 
log in flow.

Check that your client application is sending the correct return URL on expired 
session (your client may also have an expired session).

Ray

On Sun, 2019-03-10 at 23:41 -0700, Riccardo Saponi wrote:
Hi everyone!

We would like to have some support about this event in login webflow

TICKET_GRANTING_TICKET_DESTROYED

We have CAS 5.1.3 with a SAML delegation to another IDP and some web 
applications that are using CAS as SSO provider.
In some cases, when the user leaves the browser open and inactive for many hours 
(e.g. the night), we got the event TICKET_GRANTING_TICKET_DESTROYED during the 
login webflow. This event seems to lose the original service of the web-app we 
used to call the CAS. We saw this event before SAML IDP is called.

After the login on the IDP SAML the user is redirected to the success page of the 
CAS, instead of the initial service page. Our CAS version is 5.1.3. Does anyone 
know if this behaviour is correct or is a bug? We have default configurations 
on TGT and ST duration on cas.properties.
We have looked for any documentation about the event 
TICKET_GRANTING_TICKET_DESTROYED but with no success.


This is an example of cas_audit.log with wrong login web-flow.

2019-03-08 05:33:21,073 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Fri Mar 08 05:33:21 CET 
2019,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:21 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 05:33:21,076 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: TGT-**************************************************9yyIGd5HwW-cascredem
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:21 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 05:33:24,948 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT01097
WHAT: Supplied credentials: 
[org.apereo.cas.authentication.principal.ClientCredential@578b862c[id=UT01097]] 
 (return of SAML IDP)
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:24 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 05:33:24,955 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT01097
WHAT: TGT-**************************************************XGzd4xOnGb-cascredem
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:24 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================

2019-03-08 05:33:25,521 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Fri Mar 08 05:33:25 CET 
2019,source=InitialAuthenticationAttemptWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:25 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 05:33:25,533 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT01097
WHAT: ST-75355-2etLNdlkQtnkmDSq2DGd-cascredem for 
https://myhostname/c/portal/login   without service!
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:25 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 05:33:25,738 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT01097
WHAT: ST-75355-2etLNdlkQtnkmDSq2DGd-cascredem
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Mar 08 05:33:25 CET 2019
CLIENT IP ADDRESS: 10.132.0.7
SERVER IP ADDRESS: 10.132.0.6
=============================================================



This is an example of cas_audit.log with correct login webflow (you can see the 
original service and there is not a TICKET_GRANTING_TICKET_DESTROYED event)

2019-03-08 04:15:13,897 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Fri Mar 08 04:15:13 CET 
2019,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Fri Mar 08 04:15:13 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 04:15:18,663 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT0A011
WHAT: Supplied credentials: 
[org.apereo.cas.authentication.principal.ClientCredential@3126759e[id=UT0A011]]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Mar 08 04:15:18 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 04:15:18,673 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT0A011
WHAT: TGT-**************************************************pBoZWWSfQ6-cascredem
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Mar 08 04:15:18 CET 2019
CLIENT IP ADDRESS: 82.185.105.200
SERVER IP ADDRESS: 10.132.0.5
=============================================================


2019-03-08 04:15:18,688 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT0A011
WHAT: ST-75348-AAc95fO7MjnEmpjFeJbE-cascredem for 
https://myhostname/c/portal/login?redirect=%2Fgroup%2Fguest%2Fdocumenti%3Ffiltro1%3Dtipodoc%26filtro1val%3Doggetti%26filtro2%3Dtitle%26filtro2val%3DTool%2520People%26open%3Dtrue%26utm_source%3Dintranet&p_l_id=21280
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Mar 08 04:15:18 CET 2019

2019-03-08 04:15:18,926 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: UT0A011
WHAT: ST-75348-AAc95fO7MjnEmpjFeJbE-cascredem
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Mar 08 04:15:18 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
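
Added example, not part of the original thread or of CAS itself: a small Python script that parses audit records in the layout quoted above and reports logins where a TICKET_GRANTING_TICKET_DESTROYED event is followed by a SERVICE_TICKET_CREATED for the same client IP whose service URL has no query string. The 30-second window, the same-IP correlation, the "no query string means the original target was lost" heuristic, and all sample values are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3} INFO", re.M)
FIELD = re.compile(r"^(WHO|WHAT|ACTION|CLIENT IP ADDRESS): (.*?)(?=^[A-Z ]+: |^=+$)",
                   re.M | re.S)

def parse_records(text):
    """Split an Inspektr audit log into dicts with ts, WHO, WHAT, ACTION, CLIENT IP ADDRESS."""
    starts = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        rec = {"ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")}
        for key, val in FIELD.findall(text[m.end():end]):
            rec[key] = " ".join(val.split())  # re-join values wrapped across lines
        records.append(rec)
    return records

def stale_session_logins(records, window=timedelta(seconds=30)):
    """Pair each destroyed TGT with the next service ticket issued to the same
    client IP inside the window, and flag service URLs that lost their query string."""
    findings = []
    for i, r in enumerate(records):
        if r.get("ACTION") != "TICKET_GRANTING_TICKET_DESTROYED":
            continue
        for later in records[i + 1:]:
            if later["ts"] - r["ts"] > window:
                break
            if (later.get("ACTION") == "SERVICE_TICKET_CREATED"
                    and later.get("CLIENT IP ADDRESS") == r.get("CLIENT IP ADDRESS")):
                m = re.search(r" for (\S+)", later.get("WHAT", ""))
                service = m.group(1) if m else ""
                findings.append({"who": later.get("WHO"), "service": service,
                                 "target_lost": "?" not in service})
                break
    return findings

# Constructed sample records (made-up users, tickets, hosts and IPs).
def _rec(ts, who, what, action, ip="192.0.2.10"):
    return (f"{ts},000 INFO \n[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]"
            f" - Audit trail \nrecord BEGIN\n{'=' * 61}\nWHO: {who}\nWHAT: {what}\n"
            f"ACTION: {action}\nAPPLICATION: CAS\nWHEN: -\nCLIENT IP ADDRESS: {ip}\n"
            f"SERVER IP ADDRESS: 10.0.0.5\n{'=' * 61}\n\n")

SAMPLE = "".join([
    _rec("2019-03-08 05:33:21", "audit:unknown", "TGT-****-old", "TICKET_GRANTING_TICKET_DESTROYED"),
    _rec("2019-03-08 05:33:24", "user1", "TGT-****-new", "TICKET_GRANTING_TICKET_CREATED"),
    _rec("2019-03-08 05:33:25", "user1", "ST-1-x for \nhttps://app.example/c/portal/login", "SERVICE_TICKET_CREATED"),
    _rec("2019-03-08 06:00:01", "user2", "ST-2-x for https://app.example/c/portal/login?redirect=%2Fdocs", "SERVICE_TICKET_CREATED", ip="192.0.2.20"),
])
```

Calling `stale_session_logins(parse_records(open("cas_audit.log").read()))` on a real log lists the affected users and the service URL each ticket was issued for, which helps confirm whether the client application sent the full return URL on the expired session.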
