Mark, Could this be a problem with the ticket storage system? Maybe it can not keep up with the load.
Did you try the test using the in memory ticket store? Ray On Tue, 2022-02-15 at 08:06 -0800, Mark van Rossum wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, I'm upgrading to CAS 6.5.0 with delegated authentication to Azure AD using OAuth. I'm load testing it using a second CAS instance as a "mock" OAuth end point rather than AAD. We've already hit several bugs [1], [2] on previous releases with threading issues under load. The load test: * Steps through an OAuth login * Validates the ticket * Obtains a proxy IOU, retrieves the proxy ticket itself, and validates this. * "Logs in" again but this time it already has a SSO session so no OAuth * Validates this ticket. Release 6.5.0 seemed to fix most problems. My load tests run OK at 500 logins/min but above this I'm getting errors: WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [xxxxxxxxxxxxx] does not exist.> And the client gets: <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-8315-5xte-xOJmYBrgw1IGLe5Tzqxu20-IT080096' not recognized</cas:authenticationFailure> This looks similar to the bug [2] where the same ticket was given to multiple clients, and it was then a race which of them validated it first. CAS doesn't seem to have any sort of issue tracker on Github so I can't see how to raise this, but given the previous bugs it seems likely there are still threading issues. Has anyone else encountered this, or know of any workaround? I've spent a huge amount of time testing this now, I don't know if we are going to be able to upgrade our CAS instance at all now unless I can find some resolution to this! Thanks, Mark van Rossum [1] https://github.com/apereo/cas/pull/5315 [2] https://github.com/apereo/cas/pull/5350 -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3bc437ed98df23596b83e59c0316ed5fdd83f21b.camel%40uvic.ca.
