Finger fudge, Sorry IIRC we had to lengthen to 30 seconds due to similar issues. Didn't seem to have any problems due to it.
Sent from my Android phone using Symantec TouchDown (www.symantec.com) -----Original Message----- From: Danner, Mearl [[email protected]] Received: Friday, 15 May 2015, 12:07PM To: [email protected] [[email protected]] CC: [email protected] [[email protected]]; [email protected] [[email protected]] Subject: RE: [cas-user] phpCAS not always returning user IIRC Sent from my Android phone using Symantec TouchDown (www.symantec.com) -----Original Message----- From: Christopher Sterling [[email protected]] Received: Friday, 15 May 2015, 12:00PM To: [email protected] [[email protected]] CC: [email protected] [[email protected]]; [email protected] [[email protected]] Subject: Re: [cas-user] phpCAS not always returning user Andy: >Why is it taking longer than 10 seconds for your application to validate the >ticket? That's a good question, I wish I knew. We can't find any rhyme or reason. I was thinking slow network between redirecting the user from our CAS server back to the application. The reason I suspected that was because a number of the debug emails we've gotten have a mobile related user agent as part of the request. I just tried as GPRS (50Kbps and 500ms RTT) using google developer tools but I can't seem to get it to trigger our error page. I'm wondering if chrome allows the lookups and stuff to go through your standard connection, but downloads the assets via the throttled connection. I also tried fiddler2 and still can't reproduce it, so I'm out of ideas. I'm ok with the 1 time validation, but any suggestions on how we can change it to expire after like 30 seconds or something, and are there any downsides to extending that by 20 seconds? John: So, how our application is configured, we do allow non-CAS authenticated users to login to our system. I have an override a little later in the code that forces authentication if they don't meet certain criteria. The thing is, the current configuration of how I'm checking for CAS works probably 99.5% of the time. Though, looking through the code, I may not need the phpCAS::isAuthenticated() any more. Chris On Friday, May 15, 2015 at 11:55:58 AM UTC-4, Andrew Morgan wrote: Why is it taking longer than 10 seconds for your application to validate the ticket? The default timeout for service tickets is 10 seconds. Service tickets are only valid for 10 seconds (by default) or one validation. Andy On Fri, 15 May 2015, Christopher Sterling wrote: > So, our security guy wasn't a fan of the paste that I had posted since it > did have some information about our server in there (and he likes to err on > the side of caution), so here it is, even more > stripped: http://pastebin.com/NKpVrM8i > > So, what is happening is that some of our service tickets are expiring > after 10 seconds, but for the most part, they aren't. Since sunday, I can > find about 300 or so instances of it expiring early, the log file is almost > 400 megs, wasn't going to look at each one to see how quickly they failed, > and over 130,000 successful service tickets created and redeemed. > > Any insight? > > Chris > > On Thursday, May 14, 2015 at 9:32:21 PM UTC-4, Christopher Sterling wrote: >> >> So, have a weird issue that is popping up. 99% of the time, our users are >> authenticated successfully. There is that 1% where users aren't >> authenticated. I'm calling phpCAS::isAuthenticated() before calling the >> phpCAS::getUser() so they are authenticated when I'm trying to get their >> username. >> >> We do occasionally get this error that I have captured I'm not sure if >> this is the error that everybody is throwing. But it's happening frequently >> enough that I suspect it. >> >> When I get into work tomorrow. I'm going to enable cas debugging in php. >> I'll give any extra info I can >> >> >> Error is: >> >> Message: Uncaught exception 'CAS_AuthenticationException' in >> /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php:2839 >> Stack trace: #0 >> /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php(1224): >> CAS_Client->validateCAS20('https://cas.geo...', '\n\n\nisAuthenticated() >> #2 /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS.php(1101): >> CAS_Client->forceAuthentication() #3 >> /portal/server/htdocs/portal/globals/template/auth.inc.php(48): >> phpCAS::forceAuthentication() #4 >> /portal/server/htdocs/portal/globals/template/head.inc.php(61): >> include('/portal/server/...') #5 >> /portal/server/htdocs/portal/portal.php(3): include('/portal/server/...') >> #6 {main} thrown >> File: /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php >> Line Number: 2839 >> -- >> >> > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
