Back to this question... In my environment I'm running two CAS instances behind a load balancer. I'm seeing this exception when both instances are running, but if I turn off one of the CAS instances the exception goes away.
Currently I've got CAS setup to use ehcache for the ticket registry but I have not setup the ticket registry cache to be clustered. I did ask my SysOp guys to set up the load balancer to enforce sticky sessions but this does not fix the problem. So..., if I configure the CAS instances to use a clustered cache for the ticket registry will this problem go away? Marvin Addison wrote: > >> [2009-10-14 15:23:39,779] [resin-http-10.28.121.60:8080-1] >> Saml11TicketValidationFilter - >> org.jasig.cas.client.validation.TicketValidationException: >> org.opensaml.SAMLException: Success >> sig.cas.client.validation.TicketValidationException: >> org.opensaml.SAMLException: Success > > Despite the exception message "Success," this is a general SAML error > message for ticket validation failure. The most common cause of SAML > validation failure is clock drift. If the system time on your client > and server differ than more than a few seconds, this is likely the > cause. For a number of reasons it's preferable to fix the clock drift > problem (e.g. using NTP), but if you must you can increase the > "tolerance" init param of the Saml11TicketValidationFilter to a value > larger than the time deltas between machines. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- View this message in context: http://n4.nabble.com/TicketValidationException-in-Saml11TicketValidationFilter-tp266207p275998.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
