Your cache policy is different from the CAS policy. Look into your cas.properties and you will find a timeout value for STs, or look up the docs on SSO Expiration Policy. http://jasig.github.io/cas/4.1.x/installation/Configuring-Ticket-Expiration-Policy.html
Leaving the cache policy as 5 minutes for STs will likely cause severe memory/GC issues once your system goes under load.

- Misagh

> On Nov 3, 2015, at 8:15 PM, Song, Doe-Hyun <ds...@armada.net> wrote:
>
> If 300 is seconds, it is 5 minutes. As you said 10 seconds is the default, where should I change the value?
>
> -----Original Message-----
> From: Misagh Moayyed [mailto:mmoay...@unicon.net]
> Sent: Tuesday, November 03, 2015 9:32 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] ehcache and Service Ticket Validation fails
>
> Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was at 2015-11-03 16:38:15. That's a 10-second difference. By default it expires at 10 seconds. So you may want to increase your ST timeout.
>
> - Misagh
>
>> On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <ds...@armada.net> wrote:
>>
>> I saw the link but it is for another class. And I assumed so. But why is my duplicated service ticket expired within a second?
>> ________________________________________
>> From: Misagh Moayyed [mmoay...@unicon.net]
>> Sent: Tuesday, November 03, 2015 5:17 PM
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] ehcache and Service Ticket Validation fails
>>
>> Seconds:
>> http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int-
>>
>>
>> From: Song, Doe-Hyun [mailto:ds...@armada.net]
>> Sent: Tuesday, November 3, 2015 3:06 PM
>> To: cas-user@lists.jasig.org
>> Subject: RE:[cas-user] ehcache and Service Ticket Validation fails
>>
>> BTW, this is the one copied from 4.1 document.
>>
>> <bean id="serviceTicketsCache"
>>       class="org.springframework.cache.ehcache.EhCacheFactoryBean"
>>       parent="abstractTicketCache"
>>       p:cacheName="cas_st"
>>       p:timeToIdle="0"
>>       p:timeToLive="300"
>>       p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" />
>>
>> Log shows copied ServiceTicket is expired.
>> I cannot find the timeToLive information in the EhCacheFactoryBean document. Is it milliseconds instead of seconds? If so, what value should I set instead of 300?
>>
>> 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired.
>>
>>
>> From: Song, Doe-Hyun
>> Sent: Tuesday, November 03, 2015 4:57 PM
>> To: cas-user@lists.jasig.org
>> Subject: [cas-user] ehcache and Service Ticket Validation fails
>>
>> I am using 4.1 and installed ehcache for two CAS servers. It is quite random - it fails sometimes and succeeds sometimes.
>>
>> There are two servers and server1 creates TGT and ST successfully. Server2 tries to validate ST and fails. The following is both servers' logs.
>>
>> Interestingly, I can see cas_st.data file is always 0 size no matter whether validation fails or succeeds.
>>
>>
>> Server1
>>
>> 2015-11-03 16:38:04,958 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password
>> 2015-11-03 16:38:04,973 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password].
>> 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:04,976 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap
>> 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap
>> 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk
>> 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: TGT-**********************************************GsFfWjbxN6-cas.server.net
>> ACTION: TICKET_GRANTING_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:04,985 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: TGT-**********************************************GsFfWjbxN6-cas.server.net
>> ACTION: TICKET_GRANTING_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:05,546 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated temp+password
>> 2015-11-03 16:38:05,549 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated temp with credentials [temp+password].
>> 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:05,550 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:05,573 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap
>> 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put updated, deleted 0 on heap
>> 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put updated, deleted 0 on disk
>> 2015-11-03 16:38:05,578 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap
>> 2015-11-03 16:38:05,578 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //apparms01q:41001/cas_st
>> 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap
>> 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk
>> 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap
>> 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk
>> 2015-11-03 16:38:05,610 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted ticket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] for service [https://apparms.server.net/] for user [temp]
>> 2015-11-03 16:38:05,617 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net for https://apparms.server.net/
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:05,617 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: temp
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net for https://apparms.server.net/
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>>
>>
>> 2015-11-03 16:38:05,856 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - RMICachePeer for cache cas_st: remote remove received for key: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net
>> 2015-11-03 16:38:05,878 DEBUG [net.sf.ehcache.store.disk.Segment] - remove deleted 0 from heap
>> 2015-11-03 16:38:05,879 DEBUG [net.sf.ehcache.store.disk.Segment] - remove deleted 0 from disk
>> 2015-11-03 16:38:12,889 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //apparms01q:41001/cas_tgt
>>
>>
>> Server 2.
>>
>> 2015-11-03 16:38:15,494 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap
>> 2015-11-03 16:38:15,496 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - RMICachePeer for cache cas_st: remote put received. Element is: [ key = ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, value=ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, version=1, hitCount=0, CreationTime = 1446586686000, LastAccessTime = 1446586695494 ]
>> 2015-11-03 16:38:15,498 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap
>> 2015-11-03 16:38:15,498 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk
>> 2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired.
>> 2015-11-03 16:38:15,730 DEBUG [net.sf.ehcache.store.disk.Segment] - remove deleted 0 from heap
>> 2015-11-03 16:38:15,730 DEBUG [net.sf.ehcache.store.disk.Segment] - remove deleted 0 from disk
>> 2015-11-03 16:38:15,731 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //apparms02q:41003/cas_st
>> 2015-11-03 16:38:15,801 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net
>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:15 EST 2015
>> CLIENT IP ADDRESS: 126.90.100.137
>> SERVER IP ADDRESS: 126.90.100.139
>> =============================================================
>>
>>
>> 2015-11-03 16:38:15,801 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net
>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:15 EST 2015
>> CLIENT IP ADDRESS: 126.90.100.137
>> SERVER IP ADDRESS: 126.90.100.139
>> =============================================================
>>
>>
>> 2015-11-03 16:38:22,804 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap
>> 2015-11-03 16:38:22,806 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - RMICachePeer for cache cas_tgt: remote put received. Element is: [ key = TGT-**********************************************GsFfWjbxN6-cas.server.net, value=TGT-**********************************************GsFfWjbxN6-cas.server.net, version=1, hitCount=0, CreationTime = 1446586685000, LastAccessTime = 1446586702804 ]
>> 2015-11-03 16:38:22,807 DEBUG [net.sf.ehcache.store.disk.Segment] - put added 0 on heap
>> 2015-11-03 16:38:22,807 DEBUG [net.sf.ehcache.store.disk.Segment] - put updated, deleted 0 on heap
>> 2015-11-03 16:38:22,808 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - RMICachePeer for cache cas_tgt: remote put received. Element is: [ key = TGT-**********************************************GsFfWjbxN6-cas.server.net, value=TGT-**********************************************GsFfWjbxN6-cas.server.net, version=1, hitCount=0, CreationTime = 1446586686000, LastAccessTime = 1446586702807 ]
>> 2015-11-03 16:38:22,808 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap
>> 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk
>> 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault installation failed, deleted 0 from heap
>> 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault installation failed deleted 0 from disk
>> 2015-11-03 16:38:22,813 DEBUG [net.sf.ehcache.store.disk.Segment] - fault removed 0 from heap
>> 2015-11-03 16:38:22,815 DEBUG [net.sf.ehcache.store.disk.Segment] - fault added 0 on disk
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: ds...@armada.net
>> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> The information contained in this e-mail and any attachments is confidential and intended only for the recipient.
>> If you are not the intended recipient, the information contained in this message may not be used, copied, or forwarded to third parties or otherwise distributed for any other purpose. Please notify the sender if you received this e-mail in error and delete the e-mail and its attachments promptly. Nothing in this e-mail may be used or deemed to form the basis of a contractual or any other legally binding obligation unless separately confirmed in writing by an authorized representative of ARMADA.
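
Added example, not part of the original thread: a Python sketch that correlates the ST grant on server 1 with the replication and rejection on server 2, using three log lines quoted above, to check whether a rejection is explained by the CAS ST expiration policy rather than by the Ehcache timeToLive. The function and variable names are hypothetical, and it assumes both servers' clocks are synchronised.

```python
import re
from datetime import datetime

# Log lines taken from the thread above (wrapped lines rejoined). Server 1 issued the ST.
ISSUER_LOG = """\
2015-11-03 16:38:05,610 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted ticket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] for service [https://apparms.server.net/] for user [temp]
"""
# Server 2 received the replicated ST and then rejected it.
VALIDATOR_LOG = """\
2015-11-03 16:38:15,496 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - RMICachePeer for cache cas_st: remote put received. Element is: [ key = ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, value=ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, version=1, hitCount=0, CreationTime = 1446586686000, LastAccessTime = 1446586695494 ]
2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired.
"""

TS = r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) "
EVENTS = {
    "granted": re.compile(TS + r".*Granted ticket \[(ST-[^\]]+)\]"),
    "replicated": re.compile(TS + r".*cache cas_st: remote put received\. Element is: \[ key = (ST-[^,\s]+)"),
    "rejected": re.compile(TS + r".*ServiceTicket \[(ST-[^\]]+)\] has expired"),
}

def parse_events(log_text):
    """Return {ticket_id: {event_name: datetime}}, keeping the first hit per event."""
    events = {}
    for line in log_text.splitlines():
        for name, pattern in EVENTS.items():
            m = pattern.match(line)
            if m:
                when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
                events.setdefault(m.group(2), {}).setdefault(name, when)
    return events

def explain_rejections(issuer_log, validator_log, st_timeout_s):
    """Pair each ST grant on the issuer with its rejection on the validator.

    st_timeout_s is the CAS ST expiration policy value, not the Ehcache timeToLive.
    """
    issued = parse_events(issuer_log)
    report = []
    for ticket, ev in parse_events(validator_log).items():
        granted = issued.get(ticket, {}).get("granted")
        if granted is None or "rejected" not in ev:
            continue  # nothing to correlate for this ticket
        lag = (ev["replicated"] - granted).total_seconds() if "replicated" in ev else None
        age = (ev["rejected"] - granted).total_seconds()
        report.append({
            "ticket": ticket,
            "replication_lag_s": lag,        # time the ST took to reach the validator
            "age_at_rejection_s": age,       # ST age when validation was refused
            "explained_by_st_timeout": age > st_timeout_s,
        })
    return report

if __name__ == "__main__":
    for row in explain_rejections(ISSUER_LOG, VALIDATOR_LOG, st_timeout_s=10):
        print(row)
```

With the 10-second value given in the reply, the rejection is explained by the ST policy; with 300 it is not, which is why the cache timeToLive alone does not account for the failure.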