Hi, I'm upgrading to CAS 6.5.0 with delegated authentication to Azure AD using OAuth.
I'm load testing it using a second CAS instance as a "mock" OAuth end point rather than AAD. We've already hit several bugs [1], [2] on previous releases with threading issues under load. The load test: - Steps through an OAuth login - Validates the ticket - Obtains a proxy IOU, retrieves the proxy ticket itself, and validates this. - "Logs in" again but this time it already has a SSO session so no OAuth - Validates this ticket. Release 6.5.0 seemed to fix most problems. My load tests run OK at 500 logins/min but above this I'm getting errors: WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [xxxxxxxxxxxxx] does not exist.> And the client gets: <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-8315-5xte-xOJmYBrgw1IGLe5Tzqxu20-IT080096' not recognized</cas:authenticationFailure> This looks similar to the bug [2] where the same ticket was given to multiple clients, and it was then a race which of them validated it first. CAS doesn't seem to have any sort of issue tracker on Github so I can't see how to raise this, but given the previous bugs it seems likely there are still threading issues. Has anyone else encountered this, or know of any workaround? I've spent a huge amount of time testing this now, I don't know if we are going to be able to upgrade our CAS instance at all now unless I can find some resolution to this! Thanks, Mark van Rossum [1] https://github.com/apereo/cas/pull/5315 [2] https://github.com/apereo/cas/pull/5350 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/74386c2c-3482-4f68-b75c-6a95e6eaf475n%40apereo.org.
