Service Tickets are one-time-use by default, so you won't be able to use them in the way you were describing. They are also distinct from the TGT which mediates SSO.
-- https://wiki.jasig.org/display/CASUM/Home Security Policy CAS uses tickets to implement supported authentication protocols, so it follows that ticket behavior determines most aspects of security policy. In its default configuration (as of CAS 3.3.3), CAS provides for the following: Ticket-granting tickets (TGT) that expire after more than 2 hours of inactivity. One-time-use service tickets (ST) that must be validated within 5 minutes. The default behavior can be modified by tuning expiration policy parameters, or by choosing alternative expiration policies. See the Ticket Expiration Policy section for more information. -- On Tue, Jun 7, 2011 at 5:02 PM, Bacigalupo, Christopher <[email protected]> wrote: > CAS Version: 3.3.1 > I'm attempting to get a good xml response from a serviceValidate call. > I use: > https://testcas.css.edu:8447/cas-web/serviceValidate?service=https%3A%2F%2Fportaltest.css.edu:443/c/portal/login&ticket=ST-43-elZE1z6f77RDraXR5FPe-testcas.css.edu > I get: > > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > > <cas:authenticationFailure code='INVALID_TICKET'> > > ticket 'ST-43-elZE1z6f77RDraXR5FPe-testcas.css.edu' > not > recognized > > </cas:authenticationFailure> > > </cas:serviceResponse> > > I had just logged in to the portal successfully, cas.log: > > 2011-06-07 15:52:05,047 INFO [http-8447-Processor24] > org.jasig.cas.authentication.AuthenticationManagerImpl > AuthenticationHandler: > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully > authenticated the user which provided the following credentials: hsmith1 > > 2011-06-07 15:52:05,195 INFO [http-8447-Processor24] > org.jasig.cas.CentralAuthenticationServiceImpl Granted service ticket > [ST-43-elZE1z6f77RDraXR5FPe-testcas.css.edu] for service > [https://portaltest.css.edu:443/c/portal/login] for user [hsmith1] > > 2011-06-07 15:52:05,250 INFO [http-8447-Processor11] > org.jasig.cas.authentication.AuthenticationManagerImpl > AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler > successfully authenticated the user which provided the following > credentials: https://admintest.css.edu:8443/proxy/receptor > > The ticket was "active". I had SSO with my portal application. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
