Andy: >Why is it taking longer than 10 seconds for your application to validate the ticket?
That's a good question, I wish I knew. We can't find any rhyme or reason. I was thinking slow network between redirecting the user from our CAS server back to the application. The reason I suspected that was because a number of the debug emails we've gotten have a mobile related user agent as part of the request. I just tried as GPRS (50Kbps and 500ms RTT) using google developer tools but I can't seem to get it to trigger our error page. I'm wondering if chrome allows the lookups and stuff to go through your standard connection, but downloads the assets via the throttled connection. I also tried fiddler2 and still can't reproduce it, so I'm out of ideas. I'm ok with the 1 time validation, but any suggestions on how we can change it to expire after like 30 seconds or something, and are there any downsides to extending that by 20 seconds? John: So, how our application is configured, we do allow non-CAS authenticated users to login to our system. I have an override a little later in the code that forces authentication if they don't meet certain criteria. The thing is, the current configuration of how I'm checking for CAS works probably 99.5% of the time. Though, looking through the code, I may not need the phpCAS::isAuthenticated() any more. Chris On Friday, May 15, 2015 at 11:55:58 AM UTC-4, Andrew Morgan wrote: > > Why is it taking longer than 10 seconds for your application to validate > the ticket? The default timeout for service tickets is 10 seconds. > > Service tickets are only valid for 10 seconds (by default) or one > validation. > > Andy > > On Fri, 15 May 2015, Christopher Sterling wrote: > > > So, our security guy wasn't a fan of the paste that I had posted since > it > > did have some information about our server in there (and he likes to err > on > > the side of caution), so here it is, even more > > stripped: http://pastebin.com/NKpVrM8i > > > > So, what is happening is that some of our service tickets are expiring > > after 10 seconds, but for the most part, they aren't. Since sunday, I > can > > find about 300 or so instances of it expiring early, the log file is > almost > > 400 megs, wasn't going to look at each one to see how quickly they > failed, > > and over 130,000 successful service tickets created and redeemed. > > > > Any insight? > > > > Chris > > > > On Thursday, May 14, 2015 at 9:32:21 PM UTC-4, Christopher Sterling > wrote: > >> > >> So, have a weird issue that is popping up. 99% of the time, our users > are > >> authenticated successfully. There is that 1% where users aren't > >> authenticated. I'm calling phpCAS::isAuthenticated() before calling the > >> phpCAS::getUser() so they are authenticated when I'm trying to get > their > >> username. > >> > >> We do occasionally get this error that I have captured I'm not sure if > >> this is the error that everybody is throwing. But it's happening > frequently > >> enough that I suspect it. > >> > >> When I get into work tomorrow. I'm going to enable cas debugging in > php. > >> I'll give any extra info I can > >> > >> > >> Error is: > >> > >> Message: Uncaught exception 'CAS_AuthenticationException' in > >> /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php:2839 > >> Stack trace: #0 > >> > /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php(1224): > >> CAS_Client->validateCAS20('https://cas.geo...', > '\n\n\nisAuthenticated() > >> #2 /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS.php(1101): > >> CAS_Client->forceAuthentication() #3 > >> /portal/server/htdocs/portal/globals/template/auth.inc.php(48): > >> phpCAS::forceAuthentication() #4 > >> /portal/server/htdocs/portal/globals/template/head.inc.php(61): > >> include('/portal/server/...') #5 > >> /portal/server/htdocs/portal/portal.php(3): > include('/portal/server/...') > >> #6 {main} thrown > >> File: /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php > >> Line Number: 2839 > >> -- > >> > >> > > -- > > You are currently subscribed to cas-...@lists.jasig.org <javascript:> > as: mor...@orst.edu <javascript:> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: > jasig-cas-user...@googlegroups.com <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
