The only way you can get that problem is if you're attempting to authenticate a ticket twice, which should have nothing to do with a clustered CAS server.
Check your Apache logs and see if a ticket validation request for that ticket is being submitted twice. If it is, find out why. If its from the same machine, it may just be someone pressing refresh (which with the Yale CAS Client there isn't much you can do about that). If the request is coming from multiple machines then for some reason two things are making the ticket validation request. Cheers, Scott On Thu, May 7, 2009 at 11:03 AM, Osburn, Andy G <[email protected]> wrote: > Hi All, > > We are having an issue with a two node cluster CAS 3.2.1 and uPortal 2.6. > We have the two nodes behind a BIGip F5 loadbalacer. When CAS authenticates > a uPortal user, I get the following error (below) from uPortal. We only get > the error when the two nodes are running. If just one node is running, > everything works fine. > > Except for the clustering part, I read that this problem is well known: > > " It's a quite common problem : when you refresh your page after having > restarted > your server, your session is blank : you're not authenticated anymore on > your > application. But, as you refresh the url with the ticket, you're > *re*presenting > the older ticket you used to access your application in the first time. > As a ticket is only valid once, you get this exception. > > What you could do when you get this exception is to resfresh (or redirect > to) > the url without the /ticket/ parameter. Then, the user will come back with > a > fresh ticket from your cas server." > > > My question is, were do I make the change to redirect without the ticket > parameter, in CAS or uPortal? And where exactly at inside CAS or uPortal? > > Thanks, > > Andy Osburn > Sacramento State > University Web Developer > 916 278-5450 > > > > HTTP Status 500 - > > type Exception report > > message > </cas:serviceResponse> > description The server encountered an internal error () that prevented it > from fulfilling this request. > > exception > > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate > ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator > proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator > casValidateUrl=[https://testcas.irt.csus.edu/csus.cas/serviceValidate] > proxyCallbackUrl=[https://mybetatst.csus.edu/portal/CasProxyServlet] > ticket=[ST-3-T4qVxXdSXewF7umkIjzj-testcas1] service=[https%3A%2F% > 2Fmybetatst.csus.edu%2Fportal%2FLogin] errorCode=[INVALID_TICKET] > errorMessage=[ticket 'ST-3-T4qVxXdSXewF7umkIjzj-testcas1' not recognized] > renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' > http://www.yale.edu/tp/cas'> > <cas:authenticationFailure code='INVALID_TICKET'> > ticket 'ST-3-T4qVxXdSXewF7umkIjzj-testcas1' not > recognized > </cas:authenticationFailure> > ]]]] > edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:62) > > > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) > > > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
