If you're not using a distributed registry then you're validations are going to fail on average half the time (and at most all the time depending on how your load balancer is set up).
Sticky sessions is relatively useless outside of that initial login flow. CAS doesn't store anything useful in the Http Session once the login flow has ended. Cheers, Scott On Wed, Oct 21, 2009 at 8:13 AM, Dallas <[email protected]> wrote: > > Back to this question... > > In my environment I'm running two CAS instances behind a load balancer. I'm > seeing this exception when both instances are running, but if I turn off > one > of the CAS instances the exception goes away. > > Currently I've got CAS setup to use ehcache for the ticket registry but I > have not setup the ticket registry cache to be clustered. I did ask my > SysOp guys to set up the load balancer to enforce sticky sessions but this > does not fix the problem. > > So..., if I configure the CAS instances to use a clustered cache for the > ticket registry will this problem go away? > > > > Marvin Addison wrote: > > > >> [2009-10-14 15:23:39,779] [resin-http-10.28.121.60:8080-1] > >> Saml11TicketValidationFilter - > >> org.jasig.cas.client.validation.TicketValidationException: > >> org.opensaml.SAMLException: Success > >> sig.cas.client.validation.TicketValidationException: > >> org.opensaml.SAMLException: Success > > > > Despite the exception message "Success," this is a general SAML error > > message for ticket validation failure. The most common cause of SAML > > validation failure is clock drift. If the system time on your client > > and server differ than more than a few seconds, this is likely the > > cause. For a number of reasons it's preferable to fix the clock drift > > problem (e.g. using NTP), but if you must you can increase the > > "tolerance" init param of the Saml11TicketValidationFilter to a value > > larger than the time deltas between machines. > > > > M > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > View this message in context: > http://n4.nabble.com/TicketValidationException-in-Saml11TicketValidationFilter-tp266207p275998.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
