>From the log entries, it seems that the ST in question has expired, therefore >it is considered invalid.
Dmitriy. Sent from my iPhone On Jan 24, 2013, at 4:45, Hendrik Coetzee <[email protected]> wrote: > Good day, > > We have an intermitted error that appears on ticket expiry, > here is what we can see in the logs from the catalina.out file: > > 2013-01-23 14:54:05,556 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - <Granted service ticket > [ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za] for service > [https://vula.uct.ac.za:443/sakai-login-tool/container] for user [<userid>]> > 2013-01-23 14:54:05,557 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: <userid> > WHAT: ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za for > https://vula.uct.ac.za:443/sakai-login-tool/container > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Wed Jan 23 14:54:05 SAST 2013 > CLIENT IP ADDRESS: 93.186.23.81 > SERVER IP ADDRESS: 137.158.154.74 > ============================================================= > 2013-01-23 14:54:25,982 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - <ServiceTicket [ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za] has > expired.> > 2013-01-23 14:54:25,982 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za > ACTION: SERVICE_TICKET_VALIDATE_FAILED > APPLICATION: CAS > WHEN: Wed Jan 23 14:54:25 SAST 2013 > CLIENT IP ADDRESS: 137.158.155.16 > SERVER IP ADDRESS: 137.158.154.74 > ============================================================= > > On the Apache side the following can be detected: > > [23/Jan/2013:14:54:25 +0200] 93.186.31.83 TLSv1 DHE-RSA-AES128-SHA "GET > /sakai-login-tool/container?ticket=ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za > HTTP/1.1" 749 > "https://login.uct.ac.za/cas/login?service=https%3A%2F%2Fvula.uct.ac.za%3A443%2Fsakai-login-tool%2Fcontainer"; > "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en-GB) AppleWebKit/534.11+ > (KHTML, like Gecko) Version/7.1.0.342 Mobile Safari/534.11+" 13467 13364 500 > > Sakai tomcat app server logs: > > 2013-01-23 14:54:25,987 WARN ajp-bio-8009-exec-723 > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter - > org.jasig.cas.client.validation.TicketValidationException: > ticket 'ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za' > not recognized > > org.jasig.cas.client.validation.TicketValidationException: > ticket 'ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za' > not recognized > > at > org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:86) > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:165) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662 > > Any ideas on what could be causing this ? > > Current Configuration: > CAS 3.5.1 > Mysql 5.0.96 > Maven 3.0.4 > Tomcat 7.0.28 > Jdk 1.7.0_06 > > Thanks > > Bernard > > > UNIVERSITY OF CAPE TOWN > > This e-mail is subject to the UCT ICT policies and e-mail disclaimer > published on our website at > http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 > 21 650 9111. This e-mail is intended only for the person(s) to whom it is > addressed. If the e-mail has reached you in error, please notify the author. > If you are not the intended recipient of the e-mail you may not use, > disclose, copy, redirect or print the content. If this e-mail is not related > to the business of UCT it is sent by the sender in the sender's individual > capacity. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
