Re: [cas-user] ehcache and Service Ticket Validation fails
Your cache policy is different from the CAS policy. Look into your cas.properties and you will find a timeout value for STs, or look up the docs on SSO Expiration Policy. http://jasig.github.io/cas/4.1.x/installation/Configuring-Ticket-Expiration-Policy.html Leaving the cache policy as 5 minutes for STs will likely cause severe memory/GC issues once your system goes under load. - Misagh > On Nov 3, 2015, at 8:15 PM, Song, Doe-Hyun <ds...@armada.net> wrote: > > If 300 is seconds, it is 5 minutes. As you said 10 second is default, where > should I change the value? > > -Original Message- > From: Misagh Moayyed [mailto:mmoay...@unicon.net] > Sent: Tuesday, November 03, 2015 9:32 PM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] ehcache and Service Ticket Validation fails > > Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was > at 2015-11-03 16:38:15. That's a 10-second difference. Its by default expire > at 10 seconds. So you may want to increase your ST timeout. > > - Misagh > >> On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <ds...@armada.net> wrote: >> >> I saw the link but it is for other class. And i assumed it so. But why my >> duplicated aservice ticket is expired within a second. >> >> From: Misagh Moayyed [mmoay...@unicon.net] >> Sent: Tuesday, November 03, 2015 5:17 PM >> To: cas-user@lists.jasig.org >> Subject: RE: [cas-user] ehcache and Service Ticket Validation fails >> >> Seconds: >> http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- >> >> >> From: Song, Doe-Hyun [mailto:ds...@armada.net] >> Sent: Tuesday, November 3, 2015 3:06 PM >> To: cas-user@lists.jasig.org >> Subject: RE:[cas-user] ehcache and Service Ticket Validation fails >> >> BTW, this is the one copied from 4.1 document. >> >> >class="org.springframework.cache.ehcache.EhCacheFactoryBean" >>parent="abstractTicketCache" >>p:cacheName="cas_st" >>p:timeToIdle="0" >>p:timeToLive="300" >>p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" /> >> >> Log shows copied ServiceTicket is expired. I can not find the timeToLive >> information from EhCacheFactoryBean document. Is it millisecond instead of >> second? If so, what value should I set instead of 300? >> >> 2015-11-03 16:38:15,721 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket >> [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. >> >> >> From: Song, Doe-Hyun >> Sent: Tuesday, November 03, 2015 4:57 PM >> To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> >> Subject: [cas-user] ehcache and Service Ticket Validation fails >> >> I am using 4.1 and installed ehcache for two cas servers. It is quiet random >> - fail sometimes and succeed sometimes. >> >> There are two servers and server1 creates TGT and ST successfully. Server2 >> tries to validate ST and fails. The following is both servers' logs. >> >> Interestingly, I can see cas_st.data file is always 0 size no matter what >> validate fails or succeeds. >> >> >> Server1 >> >> 2015-11-03 16:38:04,958 INFO >> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - >> LdapAuthenticationHandler successfully authenticated temp+password >> 2015-11-03 16:38:04,973 INFO >> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - >> Authenticated temp with credentials [temp+password]. >> 2015-11-03 16:38:04,976 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> = >> WHO: temp+password >> WHAT: supplied credentials: [temp+password] >> ACTION: AUTHENTICATION_SUCCESS >> APPLICATION: CAS >> WHEN: Tue Nov 03 16:38:04 EST 2015 >> CLIENT IP ADDRESS: 100.100.100.200 >> SERVER IP ADDRESS: apparms.server.net >> = >> >> >> 2015-11-03 16:38:04,976 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> = >> WHO: temp+password >> WHAT: supplied credentials: [temp+password] >> ACTION: AUTHENTICATION_SUCCESS >>
RE: [cas-user] ehcache and Service Ticket Validation fails
Misagh, Thanks. Increase timeout from cas.properties works good. I realized date from two servers are not identical (approximately 10 seconds gap) and so, if ticket is created from one server which has slower time, it will be expired immediately from the other server by the time the ticket is duplicated. -Original Message- From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Wednesday, November 04, 2015 9:02 AM To: cas-user@lists.jasig.org Subject: Re: [cas-user] ehcache and Service Ticket Validation fails Your cache policy is different from the CAS policy. Look into your cas.properties and you will find a timeout value for STs, or look up the docs on SSO Expiration Policy. http://jasig.github.io/cas/4.1.x/installation/Configuring-Ticket-Expiration-Policy.html Leaving the cache policy as 5 minutes for STs will likely cause severe memory/GC issues once your system goes under load. - Misagh > On Nov 3, 2015, at 8:15 PM, Song, Doe-Hyun <ds...@armada.net> wrote: > > If 300 is seconds, it is 5 minutes. As you said 10 second is default, where > should I change the value? > > -Original Message- > From: Misagh Moayyed [mailto:mmoay...@unicon.net] > Sent: Tuesday, November 03, 2015 9:32 PM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] ehcache and Service Ticket Validation fails > > Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was > at 2015-11-03 16:38:15. That's a 10-second difference. Its by default expire > at 10 seconds. So you may want to increase your ST timeout. > > - Misagh > >> On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <ds...@armada.net> wrote: >> >> I saw the link but it is for other class. And i assumed it so. But why my >> duplicated aservice ticket is expired within a second. >> >> From: Misagh Moayyed [mmoay...@unicon.net] >> Sent: Tuesday, November 03, 2015 5:17 PM >> To: cas-user@lists.jasig.org >> Subject: RE: [cas-user] ehcache and Service Ticket Validation fails >> >> Seconds: >> http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- >> >> >> From: Song, Doe-Hyun [mailto:ds...@armada.net] >> Sent: Tuesday, November 3, 2015 3:06 PM >> To: cas-user@lists.jasig.org >> Subject: RE:[cas-user] ehcache and Service Ticket Validation fails >> >> BTW, this is the one copied from 4.1 document. >> >> >class="org.springframework.cache.ehcache.EhCacheFactoryBean" >>parent="abstractTicketCache" >>p:cacheName="cas_st" >>p:timeToIdle="0" >>p:timeToLive="300" >>p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" /> >> >> Log shows copied ServiceTicket is expired. I can not find the timeToLive >> information from EhCacheFactoryBean document. Is it millisecond instead of >> second? If so, what value should I set instead of 300? >> >> 2015-11-03 16:38:15,721 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket >> [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. >> >> >> From: Song, Doe-Hyun >> Sent: Tuesday, November 03, 2015 4:57 PM >> To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> >> Subject: [cas-user] ehcache and Service Ticket Validation fails >> >> I am using 4.1 and installed ehcache for two cas servers. It is quiet random >> - fail sometimes and succeed sometimes. >> >> There are two servers and server1 creates TGT and ST successfully. Server2 >> tries to validate ST and fails. The following is both servers' logs. >> >> Interestingly, I can see cas_st.data file is always 0 size no matter what >> validate fails or succeeds. >> >> >> Server1 >> >> 2015-11-03 16:38:04,958 INFO >> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - >> LdapAuthenticationHandler successfully authenticated temp+password >> 2015-11-03 16:38:04,973 INFO >> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - >> Authenticated temp with credentials [temp+password]. >> 2015-11-03 16:38:04,976 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> = >> WHO: temp+password >> WHAT: supplied credentials: [temp+password] >> ACTION: AUTHENTICATION_SUCCESS >> APPLICATION: CAS >> WHEN: Tue Nov 03
RE:[cas-user] ehcache and Service Ticket Validation fails
BTW, this is the one copied from 4.1 document. Log shows copied ServiceTicket is expired. I can not find the timeToLive information from EhCacheFactoryBean document. Is it millisecond instead of second? If so, what value should I set instead of 300? 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. From: Song, Doe-Hyun Sent: Tuesday, November 03, 2015 4:57 PM To: cas-user@lists.jasig.org Subject: [cas-user] ehcache and Service Ticket Validation fails I am using 4.1 and installed ehcache for two cas servers. It is quiet random - fail sometimes and succeed sometimes. There are two servers and server1 creates TGT and ST successfully. Server2 tries to validate ST and fails. The following is both servers' logs. Interestingly, I can see cas_st.data file is always 0 size no matter what validate fails or succeeds. Server1 2015-11-03 16:38:04,958 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:04,973 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.net ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.net ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,546 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:05,549 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:05 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:05 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,573 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put updated, deleted 0 on heap 2015-11-03 16:38:05,577 DEBUG
RE: [cas-user] ehcache and Service Ticket Validation fails
Seconds: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/ cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- From: Song, Doe-Hyun [mailto:ds...@armada.net] Sent: Tuesday, November 3, 2015 3:06 PM To: cas-user@lists.jasig.org Subject: RE:[cas-user] ehcache and Service Ticket Validation fails BTW, this is the one copied from 4.1 document. Log shows copied ServiceTicket is expired. I can not find the timeToLive information from EhCacheFactoryBean document. Is it millisecond instead of second? If so, what value should I set instead of 300? 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. From: Song, Doe-Hyun Sent: Tuesday, November 03, 2015 4:57 PM To: cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> Subject: [cas-user] ehcache and Service Ticket Validation fails I am using 4.1 and installed ehcache for two cas servers. It is quiet random - fail sometimes and succeed sometimes. There are two servers and server1 creates TGT and ST successfully. Server2 tries to validate ST and fails. The following is both servers' logs. Interestingly, I can see cas_st.data file is always 0 size no matter what validate fails or succeeds. Server1 2015-11-03 16:38:04,958 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:04,973 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.ne t ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.ne t ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,546 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:05,549 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:05 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+pa
RE: [cas-user] ehcache and Service Ticket Validation fails
I saw the link but it is for other class. And i assumed it so. But why my duplicated aservice ticket is expired within a second. From: Misagh Moayyed [mmoay...@unicon.net] Sent: Tuesday, November 03, 2015 5:17 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ehcache and Service Ticket Validation fails Seconds: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- From: Song, Doe-Hyun [mailto:ds...@armada.net] Sent: Tuesday, November 3, 2015 3:06 PM To: cas-user@lists.jasig.org Subject: RE:[cas-user] ehcache and Service Ticket Validation fails BTW, this is the one copied from 4.1 document. Log shows copied ServiceTicket is expired. I can not find the timeToLive information from EhCacheFactoryBean document. Is it millisecond instead of second? If so, what value should I set instead of 300? 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. From: Song, Doe-Hyun Sent: Tuesday, November 03, 2015 4:57 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: [cas-user] ehcache and Service Ticket Validation fails I am using 4.1 and installed ehcache for two cas servers. It is quiet random – fail sometimes and succeed sometimes. There are two servers and server1 creates TGT and ST successfully. Server2 tries to validate ST and fails. The following is both servers’ logs. Interestingly, I can see cas_st.data file is always 0 size no matter what validate fails or succeeds. Server1 2015-11-03 16:38:04,958 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:04,973 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.net ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.net ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,546 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:05,549 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:05 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.serv
RE: [cas-user] ehcache and Service Ticket Validation fails
If 300 is seconds, it is 5 minutes. As you said 10 second is default, where should I change the value? -Original Message- From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Tuesday, November 03, 2015 9:32 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] ehcache and Service Ticket Validation fails Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was at 2015-11-03 16:38:15. That's a 10-second difference. Its by default expire at 10 seconds. So you may want to increase your ST timeout. - Misagh > On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <ds...@armada.net> wrote: > > I saw the link but it is for other class. And i assumed it so. But why my > duplicated aservice ticket is expired within a second. > > From: Misagh Moayyed [mmoay...@unicon.net] > Sent: Tuesday, November 03, 2015 5:17 PM > To: cas-user@lists.jasig.org > Subject: RE: [cas-user] ehcache and Service Ticket Validation fails > > Seconds: > http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- > > > From: Song, Doe-Hyun [mailto:ds...@armada.net] > Sent: Tuesday, November 3, 2015 3:06 PM > To: cas-user@lists.jasig.org > Subject: RE:[cas-user] ehcache and Service Ticket Validation fails > > BTW, this is the one copied from 4.1 document. > >class="org.springframework.cache.ehcache.EhCacheFactoryBean" > parent="abstractTicketCache" > p:cacheName="cas_st" > p:timeToIdle="0" > p:timeToLive="300" > p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" /> > > Log shows copied ServiceTicket is expired. I can not find the timeToLive > information from EhCacheFactoryBean document. Is it millisecond instead of > second? If so, what value should I set instead of 300? > > 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. > > > From: Song, Doe-Hyun > Sent: Tuesday, November 03, 2015 4:57 PM > To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> > Subject: [cas-user] ehcache and Service Ticket Validation fails > > I am using 4.1 and installed ehcache for two cas servers. It is quiet random > - fail sometimes and succeed sometimes. > > There are two servers and server1 creates TGT and ST successfully. Server2 > tries to validate ST and fails. The following is both servers' logs. > > Interestingly, I can see cas_st.data file is always 0 size no matter what > validate fails or succeeds. > > > Server1 > > 2015-11-03 16:38:04,958 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > LdapAuthenticationHandler successfully authenticated temp+password > 2015-11-03 16:38:04,973 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > Authenticated temp with credentials [temp+password]. > 2015-11-03 16:38:04,976 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > = > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > = > > > 2015-11-03 16:38:04,976 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > = > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > = > > > 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:04,985 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > = > WHO: temp+password > WHAT: > TGT-**GsFfWjbxN6-cas.server.n
Re: [cas-user] ehcache and Service Ticket Validation fails
Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was at 2015-11-03 16:38:15. That’s a 10-second difference. Its by default expire at 10 seconds. So you may want to increase your ST timeout. - Misagh > On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <ds...@armada.net> wrote: > > I saw the link but it is for other class. And i assumed it so. But why my > duplicated aservice ticket is expired within a second. > > From: Misagh Moayyed [mmoay...@unicon.net] > Sent: Tuesday, November 03, 2015 5:17 PM > To: cas-user@lists.jasig.org > Subject: RE: [cas-user] ehcache and Service Ticket Validation fails > > Seconds: > http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- > > > From: Song, Doe-Hyun [mailto:ds...@armada.net] > Sent: Tuesday, November 3, 2015 3:06 PM > To: cas-user@lists.jasig.org > Subject: RE:[cas-user] ehcache and Service Ticket Validation fails > > BTW, this is the one copied from 4.1 document. > >class="org.springframework.cache.ehcache.EhCacheFactoryBean" > parent="abstractTicketCache" > p:cacheName="cas_st" > p:timeToIdle="0" > p:timeToLive="300" > p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" /> > > Log shows copied ServiceTicket is expired. I can not find the timeToLive > information from EhCacheFactoryBean document. Is it millisecond instead of > second? If so, what value should I set instead of 300? > > 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] > - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired. > > > From: Song, Doe-Hyun > Sent: Tuesday, November 03, 2015 4:57 PM > To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> > Subject: [cas-user] ehcache and Service Ticket Validation fails > > I am using 4.1 and installed ehcache for two cas servers. It is quiet random > – fail sometimes and succeed sometimes. > > There are two servers and server1 creates TGT and ST successfully. Server2 > tries to validate ST and fails. The following is both servers’ logs. > > Interestingly, I can see cas_st.data file is always 0 size no matter what > validate fails or succeeds. > > > Server1 > > 2015-11-03 16:38:04,958 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > LdapAuthenticationHandler successfully authenticated temp+password > 2015-11-03 16:38:04,973 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > Authenticated temp with credentials [temp+password]. > 2015-11-03 16:38:04,976 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > = > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > = > > > 2015-11-03 16:38:04,976 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > = > WHO: temp+password > WHAT: supplied credentials: [temp+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > = > > > 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added > 0 on heap > 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > removed 0 from heap > 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault > added 0 on disk > 2015-11-03 16:38:04,985 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > = > WHO: temp+password > WHAT: > TGT-**GsFfWjbxN6-cas.server.net > ACTION: TICKET_GRANTING_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Nov 03 16:38:04 EST 2015 > CLIENT IP ADDRESS: 100.100.100.200 > SERVER IP ADDRESS: apparms.server.net > = > > > 2015-11-03 16:38:04,985 INFO > [org.jasig.inspektr.audit.support.S
[cas-user] ehcache and Service Ticket Validation fails
I am using 4.1 and installed ehcache for two cas servers. It is quiet random - fail sometimes and succeed sometimes. There are two servers and server1 creates TGT and ST successfully. Server2 tries to validate ST and fails. The following is both servers' logs. Interestingly, I can see cas_st.data file is always 0 size no matter what validate fails or succeeds. Server1 2015-11-03 16:38:04,958 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:04,973 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.net ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: TGT-**GsFfWjbxN6-cas.server.net ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Nov 03 16:38:04 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,546 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password 2015-11-03 16:38:05,549 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password]. 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:05 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: temp+password WHAT: supplied credentials: [temp+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Nov 03 16:38:05 EST 2015 CLIENT IP ADDRESS: 100.100.100.200 SERVER IP ADDRESS: apparms.server.net = 2015-11-03 16:38:05,573 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put updated, deleted 0 on heap 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put updated, deleted 0 on disk 2015-11-03 16:38:05,578 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap 2015-11-03 16:38:05,578 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //apparms01q:41001/cas_st 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap 2015-11-03 16:38:05,581
