What’s the next line in the log after it says there was a TicketValidationException? It looks like most all cases should throw something back into the logs which will be diagnostically helpful.
To put that in context, in our environment seeing these occasionally is not unreasonable — we keep a tight service ticket window, and it’s not uncommon that a ticket will expire if a user’s connectivity briefly drops on wifi, they have poor cell reception, etc. Our logs will show “org.jasig.cas.client.validation.TicketValidationException:\n ticket ‘XXXXXXXXXXXXXXXXXXXXXX’ not recognized”. [To be fair, the user is usually not even aware of this in most cases as upon reestablishment of connectivity, the ticket invalidates, they bounce back to CAS, and then are able to get in.] In all cases having the folks running those servers send you more from the logs should be quite valuable. — Sean R. Baker Office of the CIO Phone: (301) 319-0712 Email: [email protected] > On 29Jan2015, at 15:01 PM, Bryan Wooten <[email protected]> wrote: > > Thanks Marv, > > These applications are not using SAML 1.1 > > I’ll need to consider how to proceed. > > -Bryan > > > From: Marvin Addison [mailto:[email protected] > <mailto:[email protected]>] > Sent: Thursday, January 29, 2015 10:36 AM > To: [email protected] <mailto:[email protected]> > Subject: Re: [cas-user] > org.jasig.cas.client.validation.TicketValidationException > > They have noticed that their log files are filled with the above exception > and have asked me to help them resolve this. > Are they using the SAML 1.1 protocol perchance, say to get attributes? The > CAS client enforces the SAML assertion validity window, which is a unique > feature of SAML. Clock drift can be an insidious cause of ticket validation > failures with that protocol. > > M > > > -- > You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] > <mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > <http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- > You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] > <mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > <http://www.ja-sig.org/wiki/display/JSG/cas-user> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
