>From the log,
It passed MFA of gauth.
it seems ST had expired and was deleted. So the ST dis not exist any
longer.
It is strange that it seems that it had trigger 2 SERVICE_TICKET_VALIDATE,
first was success, the 2nd was failed.
If I inputed the token within a minutes, it will trigger only one
SERVICE_TICKET_VALIDATE, and it will not expired/delete the ST either. It
was deleted at the Ticket_Destroyed phase.
Is it a bug? I tried variouse time-to-live, or time-to-kill paameters . It
did not help.
He Vincent在 2021年9月30日星期四下午12:16:51 [UTC+8]寫道:
> Version: CAS 6.3 (CAS 5.3 has no such issue)
> OAuth2.0+GAuth
> How to reproduce the issue:
> 1. Login to the app with Oatu2.0
> 2. passed login page, stay on MFA page for about 2 minutes. (No issue if
> input it in a minute)
> 3. Inpute the Google Auth token
> 4. It got 500 internal error, with
> org.apereo.cas.ticket.InvalidTicketException
> It has no such issue if the app is not using Oauth2.0.
>
> Here is the log
> >
> 2021-09-30 08:51:09,094 DEBUG [
> org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy] -
> <Ticket usage count [1] is greater than or equal to [1]. Ticket
> [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] has expired>
> 2021-09-30 08:51:09,094 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating ticket
> ticketId [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas]>
> 2021-09-30 08:51:09,094 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating
> collection name [serviceTicketsCollection] for ticket definition
> [DefaultTicketDefinition(implementationClass=class
> org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST,
> properties=DefaultTicketDefinitionProperties(cascadeRemovals=false,
> storageName=serviceTicketsCollection, storageTimeout=300,
> storagePassword=null, excludeFromCascade=false), order=-2147483648
> <(214)%20748-3648>)]>
> 2021-09-30 08:51:09,095 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb
> collection instance [serviceTicketsCollection]>
> 2021-09-30 08:51:09,103 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
> [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] from the registry.>
> 2021-09-30 08:51:09,103 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Deleting ticket
> [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas]>
> 2021-09-30 08:51:09,104 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating
> collection name [serviceTicketsCollection] for ticket definition
> [DefaultTicketDefinition(implementationClass=class
> org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST,
> properties=DefaultTicketDefinitionProperties(cascadeRemovals=false,
> storageName=serviceTicketsCollection, storageTimeout=300,
> storagePassword=null, excludeFromCascade=false), order=-2147483648
> <(214)%20748-3648>)]>
> 2021-09-30 08:51:09,104 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb
> collection instance [serviceTicketsCollection]>
> 2021-09-30 08:51:09,107 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Deleted ticket
> [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] with result
> [AcknowledgedDeleteResult{deletedCount=1}]>
> 2021-09-30 08:51:09,108 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: [email protected]
> WHAT: ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas for
> https://login.mydomain.com/cas/oauth2.0/callbackAuthorize?client_id=alpha&redirect_uri=https%3A%2F%2Falpha-stage.mydomainglo.
> ..
> ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
> APPLICATION: CAS
> WHEN: Thu Sep 30 08:51:09 CST 2021
> CLIENT IP ADDRESS: 10.16.14.77
> SERVER IP ADDRESS: 10.13.23.92
> =============================================================
>
> >
> 2021-09-30 08:51:09,171 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating ticket
> ticketId [TGT-1-*****Jetbc5m7zU-xxxxxx-slicas]>
> 2021-09-30 08:51:09,172 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating
> collection name [ticketGrantingTicketsCollection] for ticket definition
> [DefaultTicketDefinition(implementationClass=class
> org.apereo.cas.ticket.TicketGrantingTicketImpl, prefix=TGT,
> properties=DefaultTicketDefinitionProperties(cascadeRemovals=false,
> storageName=ticketGrantingTicketsCollection, storageTimeout=28800,
> storagePassword=null, excludeFromCascade=false), order=2147483647
> <(214)%20748-3647>)]>
> 2021-09-30 08:51:09,172 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb
> collection instance [ticketGrantingTicketsCollection]>
> 2021-09-30 08:51:09,195 DEBUG
> [org.apereo.cas.support.oauth.web.OAuth20CasCallbackUrlResolver] - <Final
> resolved callback URL is [
> https://login.mydomain.com/cas/oauth2.0/callbackAuthorize?client_id=alpha&redirect_uri=https%3A%2F%2Falpha-stage.mydomain.com%2Fwebsso%3Freturn_uri%3D+https%3A%2F%2Falpha-stage.mydomain.com&response_type=code
> ]>
> 2021-09-30 08:51:09,197 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating ticket
> ticketId [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas]>
> 2021-09-30 08:51:09,197 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating
> collection name [serviceTicketsCollection] for ticket definition
> [DefaultTicketDefinition(implementationClass=class
> org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST,
> properties=DefaultTicketDefinitionProperties(cascadeRemovals=false,
> storageName=serviceTicketsCollection, storageTimeout=300,
> storagePassword=null, excludeFromCascade=false), order=-2147483648
> <(214)%20748-3648>)]>
> 2021-09-30 08:51:09,197 DEBUG
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb
> collection instance [serviceTicketsCollection]>
> 2021-09-30 08:51:09,200 WARN
> [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket
> [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] does not exist.>
> 2021-09-30 08:51:09,201 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas for
> https://login.mydomain.com/cas/oauth2.0/callbackAuthorize?client_id=alpha&redirect_uri=https%3A%2F%2Falpha-stage.mydomainglo.
> ..
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Thu Sep 30 08:51:09 CST 2021
> CLIENT IP ADDRESS: 10.16.14.77
> SERVER IP ADDRESS: 10.13.23.92
> =============================================================
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8376c74d-b21b-439b-970d-b29c538463d2n%40apereo.org.
