Hi there,
Intermittently, our user experiences a problem with CAS (CAS 4.1.4
overlay). They type in the correct user credential, CAS goes back to the
login page without any error message. They have to keep trying, they will
eventually login after 2nd or even 3rd try.
I finally find this set of logs when this happened. The following user
demosrikanthr is authenticated, but because the service URL does not match
(note that only the ending / being different). After that, the ticket is
deleted. Is that why browser is redirected back to login page?
I have the same problem with CAS 3.5.2, too.
this is my service definition, I do not see anything wrong, it should match
the URL with and without /.
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "https://lbqaqdap\\.qa\\.medplus\\.com/?";,
"name" : "qap",
"theme" : "qap",
Thx,
Yan
2016-02-19 12:57:00,936 DEBUG [org.jasig.cas.services.
DefaultRegisteredServiceAccessStrategy] - <No required attributes are
specified>
2016-02-19 12:57:00,937 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Looking up service ticket id generator for [org.jasig.cas.authentication.
principal.SimpleWebApplicationServiceImpl]>
2016-02-19 12:57:00,937 DEBUG
[org.jasig.cas.ticket.registry.MemCacheTicketRegistry]
- <Updating ticket TGT-***********************************************
rbSGsqIzRk-qacas02>
2016-02-19 12:57:00,943 DEBUG
[org.jasig.cas.ticket.registry.MemCacheTicketRegistry]
- <Adding ticket ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02>
2016-02-19 12:57:00,945 INFO [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Granted ticket [ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] for service [
https://lbqaqdap.qa.medplus.com/] for user [demosrikanthr]>
2016-02-19 12:57:00,945 DEBUG [org.jasig.cas.audit.spi.
TicketOrCredentialPrincipalResolver] - <Resolving argument [String] for
audit>
2016-02-19 12:57:00,960 INFO
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- <Audit trail record BEGIN
=============================================================
WHO: demosrikanthr
WHAT: ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02 for
https://lbqaqdap.qa.medplus.com/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Feb 19 12:57:00 UTC 2016
CLIENT IP ADDRESS: 172.18.4.136
SERVER IP ADDRESS: 172.18.38.112
=============================================================
>
2016-02-19 12:57:01,162 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- <Extractor generated service for: https://lbqaqdap.qa.medplus.com>
2016-02-19 12:57:01,170 DEBUG
[org.jasig.cas.ticket.registry.MemCacheTicketRegistry]
- <Updating ticket ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02>
2016-02-19 12:57:01,173 ERROR
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Service ticket
[ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] with service [
https://lbqaqdap.qa.medplus.com/] does not match supplied service [
https://lbqaqdap.qa.medplus.com]>
2016-02-19 12:57:01,177 DEBUG
[org.jasig.cas.ticket.registry.MemCacheTicketRegistry]
- <Deleting ticket ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02>
2016-02-19 12:57:01,179 DEBUG [org.jasig.cas.audit.spi.
TicketOrCredentialPrincipalResolver] - <Resolving argument [String] for
audit>
2016-02-19 12:57:01,181 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Ticket [ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] by type [Ticket] cannot be
found in the ticket registry.>
2016-02-19 12:57:01,183 DEBUG [org.jasig.cas.audit.spi.
TicketOrCredentialPrincipalResolver] - <Could not locate ticket
[ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02] in the registry>
2016-02-19 12:57:01,183 DEBUG [org.jasig.cas.audit.spi.
TicketOrCredentialPrincipalResolver] - <Unable to determine the audit
argument. Returning [audit:unknown]>
2016-02-19 12:57:01,187 INFO
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-52-RJ2vrIwbaeeXbzsaUL17-qacas02
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
