We're currently having an issue with a small amount of logins. Roughly ~<%.5 are loosing their service and being directed to the generic "/cas/login" page.
Basics: CAS 3.4.2 running on Tomcat 5.5.27 front ended with Apache 2.2.11 & mod_proxy_ajp Action: User browses to URL that is CAS protected. User is redirected correctly to CAS login with correct service attached (verified via logs) User logs in with correct name/password -Apache logs login request with valid service attached. -CAS logs user has supplied good credentials. -Apache logs request for generic login page "/cas/login" Users: This happens to random users, but is not replicable when user clears cookies/credentials and tries logging back in. Times: Happens at random times, though it seems to be a steady "percentage" of overall logins and somewhat evenly spaced out (ie. no groupings of these errors at the same time.) We're seeing something around a half percent, where at low volume times disappears off the map. Service: everything from high volume services, to barely un-used test pages. Not so basics: We've suspected this happening in CAS 3.3.5 but seems to be rearing it's head in 3.4.2 a bit more... we suspected it was rooted in our JBoss configuration, and needed an excuse to move over to Terracotta. Both have similar results. At this point we went to a one node setup, running the default ticket registry, removing any High Availability issues. Alas, the result (percentage of lost service) stays the same. The best we can come up with at this point is that somewhere along the line the user's sessionid is corrupted or lost, but the user's successful login is attached to a new sessionid, though their service is lost. I documented something similar in my earlier JBoss/Terracotta posts to this list. Any ideas or suggestions on this one? Currently I'm leaning towards a possible issue with mod_proxy. Tomorrow includes upgrading the 32bit version of Apache to 64bit and a few more ideas up our sleeve. Raymond Walker Software Systems Engineer Sr. ITS Northern Arizona University -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
