Hi there, Intermittently, our user experiences a problem with CAS (CAS 4.1.4 overlay). They type in the correct user credential, CAS goes back to the login page without any error message. They have to keep trying, they will eventually login after 2nd or even 3rd try.
I finally find this set of logs when this happened. The following user demosrikanthr is authenticated, but because the service URL does not match (note that only the ending / being different). After that, the ticket is deleted. Is that why browser is redirected back to login page? I have the same problem with CAS 3.5.2, too. this is my service definition, I do not see anything wrong, it should match the URL with and without /. { "@class" : "org.jasig.cas.services.RegexRegisteredService", "serviceId" : "https://lbqaqdap\\.qa\\.medplus\\.com/?", "name" : "qap", "theme" : "qap", Thx, Yan 2016-02-19 12:57:00,936 DEBUG [org.jasig.cas.services. DefaultRegisteredServiceAccessStrategy] - <No required attributes are specified> 2016-02-19 12:57:00,937 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Looking up service ticket id generator for [org.jasig.cas.authentication. principal.SimpleWebApplicationServiceImpl]> 2016-02-19 12:57:00,937 DEBUG [org.jasig.cas.ticket.registry.MemCacheTicketRegistry] - <Updating ticket TGT-*********************************************** rbSGsqIzRk-qacas02> 2016-02-19 12:57:00,943 DEBUG [org.jasig.cas.ticket.registry.MemCacheTicketRegistry] - <Adding ticket ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02> 2016-02-19 12:57:00,945 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] for service [ https://lbqaqdap.qa.medplus.com/] for user [demosrikanthr]> 2016-02-19 12:57:00,945 DEBUG [org.jasig.cas.audit.spi. TicketOrCredentialPrincipalResolver] - <Resolving argument [String] for audit> 2016-02-19 12:57:00,960 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: demosrikanthr WHAT: ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02 for https://lbqaqdap.qa.medplus.com/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Fri Feb 19 12:57:00 UTC 2016 CLIENT IP ADDRESS: 172.18.4.136 SERVER IP ADDRESS: 172.18.38.112 ============================================================= > 2016-02-19 12:57:01,162 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: https://lbqaqdap.qa.medplus.com> 2016-02-19 12:57:01,170 DEBUG [org.jasig.cas.ticket.registry.MemCacheTicketRegistry] - <Updating ticket ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02> 2016-02-19 12:57:01,173 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - <Service ticket [ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] with service [ https://lbqaqdap.qa.medplus.com/] does not match supplied service [ https://lbqaqdap.qa.medplus.com]> 2016-02-19 12:57:01,177 DEBUG [org.jasig.cas.ticket.registry.MemCacheTicketRegistry] - <Deleting ticket ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02> 2016-02-19 12:57:01,179 DEBUG [org.jasig.cas.audit.spi. TicketOrCredentialPrincipalResolver] - <Resolving argument [String] for audit> 2016-02-19 12:57:01,181 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Ticket [ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] by type [Ticket] cannot be found in the ticket registry.> 2016-02-19 12:57:01,183 DEBUG [org.jasig.cas.audit.spi. TicketOrCredentialPrincipalResolver] - <Could not locate ticket [ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] in the registry> 2016-02-19 12:57:01,183 DEBUG [org.jasig.cas.audit.spi. TicketOrCredentialPrincipalResolver] - <Unable to determine the audit argument. Returning [audit:unknown]> 2016-02-19 12:57:01,187 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02 ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.