Yes. The service ticket can only be used once. Once a service validates the service ticket, it ought to establish some kind of local application specific session. The fact that the ticket is being validated twice suggests that maybe the client is configured incorrectly.
Thanks, Carl Waldbieser ITS System Programmer Lafayette College ----- Original Message ----- From: "Tiit Kaeeli" <[email protected]> To: [email protected] Sent: Wednesday, February 11, 2015 8:10:56 AM Subject: [cas-user] <ServiceTicket [...] does not exist.> after <Removing ticket [...] from registry> Hi, I got mod_auth_cas working without SAML. Now I am trying to enable SAML for LDAP group based auth. But unfortunately apache returns 401. So I am in need for help again. In tomcat logs, there are no errors, but final result is WHAT: ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com ACTION: SERVICE_TICKET_VALIDATE_FAILED Before this I see: 2015-02-11 14:38:16,202 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]> 2015-02-11 14:38:16,202 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com] found in registry.> 2015-02-11 14:38:16,202 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [HTTP and IMAP] is [kaeeli]. The default principal id is [kaeeli].> 2015-02-11 14:38:16,202 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com] from registry> 2015-02-11 14:38:16,202 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]> 2015-02-11 14:38:16,202 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Wed Feb 11 14:38:16 EET 2015 CLIENT IP ADDRESS: 192.168.7.108 SERVER IP ADDRESS: 192.168.7.183 ============================================================= ... 2015-02-11 14:38:16,562 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]> 2015-02-11 14:38:16,562 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com] does not exist.> 2015-02-11 14:38:16,566 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]> 2015-02-11 14:38:16,566 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Wed Feb 11 14:38:16 EET 2015 CLIENT IP ADDRESS: 192.168.7.108 SERVER IP ADDRESS: 192.168.7.183 ============================================================= It seems, that service ticket is looked for twice, first time it succeeds. Then the ticket is removed from the registry. The other attemp after that fails. Is this normal and expected behaviour? -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
