Hi, Just a thought, apologies if you've already considered it: is it possible your ST is rejected not due to timeout, but because it's already been validated once? For whatever reason - something subtle in the load balancer, the CASified application (especially if it's clustered itself), etc. This can be checked by monitoring all "/cas/validate" requests that go into BOTH CAS servers (using whatever - auditing, debugger, sniffer if you disable encrypting).
Regards On Sat, Nov 16, 2013 at 6:12 AM, Rakesh <[email protected]> wrote: > Hi, > > We have our CAS(3.5.2) environment load balanced and Ehcache for ticket > registry configured to do manual peer discovery for ticket replication. I > am running into a situation where service ticket fails validation in one of > the scenario. I have listed the scenarios below : > > Start CAS server 1 > Start CAS server 2 > Access a CASified application, flows redirects to CAS login page, log into > the application > > Scenario 1: > Service ticket created on server 1 successfully > Service ticket validated on server 1 successfully > > Scenario 2: > Service ticket created on server 2 successfully > Service ticket validated on server 2 successfully > > Scenario 3: > Service ticket created on server 2 successfully > Service ticket validated on server 1 successfully > > Scenario 4: > Service ticket gets created on server 1 successfully > Service ticket validation fails on server 2 > During this time, (from the log files) when server 2 receives the service > ticket, service ticket is already expired. > > Scenario 5: > Restart only server 1, access casified application; > Scenario 1 & 2 are successful > Service ticket created on server 1 is validated on server 2 successfully > Service ticket created on server 2 fails validation on server 1 (scenario > 3 and 4 are switched) > > I increased the ST expiration time from 10 secs to 1 min and I still see > the same behavior. I see the behavior bounce between server 1 & 2 when they > are restarted in sequence (start server 1, server 2 has the issue, restart > server 2 now issue jumps to server 1 and so on) > > Has anyone else encountered this kind of behavior? Is my ehcache > configuration wrong? > > Any idea what I am doing wrong? I have attached the ticketRegistry and > ehcache-replication for reference. > > Thanks, > Rakesh > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
