Matvey,CAS service tickets are single-use only. Once the ticket was validated the first time, reloading this page is going to fail validation of this ticket even 1 second after the initial validation.
Once way around this, if I may speculate about how your application works, would be for your application to actually redirect to itself right after the initial ticket validation. This redirection should remove the "ticket=ST..." argument from the URL. What will happen then is that it will not have the service ticket in the URL and it will not try to validate it. If your application's session will be invalid after 1 hour, it may redirect to CAS, which will likely still have the Single Sign-On (SSO) session valid, so it will redirect right back to your application with a new and valid service ticket. If my speculation is correct, you should achieve what you need this way.
Adam Matteo Matteo wrote:
whats given: CAS 3 server, CAS client 2.1 under tomcat 5.5 installed as a Filter The problem is that if I have a resource likehttp://myserver:8080/app1/?ticket=ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20 and after one hour try to reload this page - I get an exception from CAS client (complete trace is lower). I just want to know which possibilities I have to avoid or catch such an exception. It could be that session under CAS server is longer than CAS client session and a user is still logged, but needs a new ticket, for example... Thanks Matvey -------------------------------------- javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://esstest1.local.wmgruppe.de:8443/cas/serviceValidate] ticket=[ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20] service=[http%3A%2F%2Fesstest1.local.wmgruppe.de%3A8080%2Fcas1%2F] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)root causeedu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://esstest1.local.wmgruppe.de:8443/cas/serviceValidate] ticket=[ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20] service=[http%3A%2F%2Fesstest1.local.wmgruppe.de%3A8080%2Fcas1%2F] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-8-qmKXGzftOK12k4Pa1dgXPRWtGaEsIlGbdoX-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:62) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:457) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
begin:vcard fn:Adam Rybicki n:Rybicki;Adam org:Unicon, Inc.;Professional Services adr:Suite 113;;3140 North Arizona Avenue;Chandler;AZ;85225;United States email;internet:[EMAIL PROTECTED] tel;work:+1-480-558-2400 tel;home:+1-310-265-8286 tel;cell:+1-310-980-2758 x-mozilla-html:FALSE url:http://www.unicon.net/ version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
