Sure, here's relevant sniplet:
157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/login?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser HTTP/1.1" 200 7665 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "-" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/js/cas.js;jsessionid=EBCB70E1C4ADC95B2D777AADADFE023B HTTP/1.1" 200 1557 "https://caslogin/cas/login?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/themes/LUT_layout.css HTTP/1.1" 200 9315 "https://caslogin/cas/login?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/ja-sig-logo.gif;jsessionid=EBCB70E1C4ADC95B2D777AADADFE023B HTTP/1.1" 200 1502 "https://caslogin/cas/login?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_logo.gif HTTP/1.1" 200 4226 "https://caslogin/cas/login?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/favicon.ico;jsessionid=EBCB70E1C4ADC95B2D777AADADFE023B HTTP/1.1" 200 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_menu_oranssi.gif HTTP/1.1" 200 820 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_varjo_vasen.jpg HTTP/1.1" 200 7297 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_varjo_ala.jpg HTTP/1.1" 200 7295 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_varjo_oikea.jpg HTTP/1.1" 200 7295 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/themes/calibri.eot HTTP/1.1" 200 104596 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_varjo_ala_vasen_kulma.jpg HTTP/1.1" 200 7304 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_kasvu.jpg HTTP/1.1" 200 38141 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_varjo_ala_oikea_kulma.jpg HTTP/1.1" 200 7298 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:43 +0300] "GET /cas/images/LUT_layout/LUT_layout_login_nuoli.gif HTTP/1.1" 200 1256 "https://caslogin/cas/themes/LUT_layout.css"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:49 +0300] "POST /cas/login;jsessionid=EBCB70E1C4ADC95B2D777AADADFE023B?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser HTTP/1.1" 302 - "https://caslogin/cas/login?service=https%3a%2f%2fservice1.lut.fi%2fservice1%2fAuthn%2fRemoteUser"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B" 157.24.xx.xx - - [24/Apr/2012:12:49:56 +0300] "GET /cas/login?service=https%3a%2f%2fservice2.lut.fi%2f HTTP/1.1" 200 7049 "https://noppa.lut.fi/noppa/app"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "CASTGC=TGT-759-pHOMAKQtsFrJYAlW5cbFMtfdsueEIlnGXqV99Rzb1Hwttw9YLv-cas; JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B; MOD_AUTH_CAS_S=6b42cb200c827d7be4bd9068842de385" 157.24.xx.xx - - [24/Apr/2012:12:49:56 +0300] "GET /cas/js/cas.js HTTP/1.1" 200 1557 "https://caslogin/cas/login?service=https%3a%2f%2fservice2.lut.fi%2f"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "CASTGC=TGT-759-pHOMAKQtsFrJYAlW5cbFMtfdsueEIlnGXqV99Rzb1Hwttw9YLv-cas; JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B; MOD_AUTH_CAS_S=6b42cb200c827d7be4bd9068842de385" 157.24.xx.xx - - [24/Apr/2012:12:49:56 +0300] "GET /cas/images/ja-sig-logo.gif HTTP/1.1" 200 1502 "https://caslogin/cas/login?service=https%3a%2f%2fservice2.lut.fi%2f"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "CASTGC=TGT-759-pHOMAKQtsFrJYAlW5cbFMtfdsueEIlnGXqV99Rzb1Hwttw9YLv-cas; JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B; MOD_AUTH_CAS_S=6b42cb200c827d7be4bd9068842de385" 157.24.xx.xx - - [24/Apr/2012:12:49:56 +0300] "GET /cas/favicon.ico HTTP/1.1" 200 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "CASTGC=TGT-759-pHOMAKQtsFrJYAlW5cbFMtfdsueEIlnGXqV99Rzb1Hwttw9YLv-cas; JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B; MOD_AUTH_CAS_S=6b42cb200c827d7be4bd9068842de385" 157.24.xx.xx - - [24/Apr/2012:12:50:02 +0300] "POST /cas/login?service=https%3a%2f%2fservice2.lut.fi%2f HTTP/1.1" 302 - "https://caslogin/cas/login?service=https%3a%2f%2fservice2.lut.fi%2f"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.1) Gecko/20100101 Firefox/10.0.1" "CASTGC=TGT-759-pHOMAKQtsFrJYAlW5cbFMtfdsueEIlnGXqV99Rzb1Hwttw9YLv-cas; JSESSIONID=EBCB70E1C4ADC95B2D777AADADFE023B; MOD_AUTH_CAS_S=6b42cb200c827d7be4bd9068842de385" It's really strange, I tracked those TGT cookies on the client side also. When the client is redirected from the second service to the caslogin, the client sends correct TGT cookie to caslogin. After the client is done with authentication again, it receives a new TGT cookie from cas. I'm out of ideas what could cause this or how to debug this further. On Tue, 2012-04-24 at 03:23 -0500, jleleu wrote: > Hi, > > The TGT destruction and the creation of a new TGT is strange. > > Can you send us your HTTP logs (with cookies) ? > > Best regards, > Jérôme > -- Antti Sirviö <[email protected]> Lappeenranta University of Technology/Information services & technology () ascii ribbon campaign - against html mail /\
signature.asc
Description: This is a digitally signed message part
