Misagh, 

Thanks. Increasing the timeout in cas.properties works well. 

I realized the dates on the two servers are not identical (approximately a 
10-second gap), so if a ticket is created on the server that has the slower 
time, it will be expired immediately on the other server by the time the 
ticket is duplicated. 


-----Original Message-----
From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
Sent: Wednesday, November 04, 2015 9:02 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] ehcache and Service Ticket Validation fails

Your cache policy is different from the CAS policy. Look into your 
cas.properties and you will find a timeout value for STs, or look up the docs 
on SSO Expiration Policy. 
http://jasig.github.io/cas/4.1.x/installation/Configuring-Ticket-Expiration-Policy.html

Leaving the cache policy as 5 minutes for STs will likely cause severe 
memory/GC issues once your system goes under load.

- Misagh

> On Nov 3, 2015, at 8:15 PM, Song, Doe-Hyun <ds...@armada.net> wrote:
> 
> If 300 is seconds, it is 5 minutes. As you said 10 seconds is the default, 
> where should I change the value? 
> 
> -----Original Message-----
> From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
> Sent: Tuesday, November 03, 2015 9:32 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] ehcache and Service Ticket Validation fails
> 
> Your first ST was issued at 2015-11-03 16:38:05. The validation attempt was 
> at 2015-11-03 16:38:15. That's a 10-second difference. By default it expires 
> at 10 seconds. So you may want to increase your ST timeout. 
> 
> - Misagh
> 
>> On Nov 3, 2015, at 4:16 PM, Song, Doe-Hyun <ds...@armada.net> wrote:
>> 
>> I saw the link but it is for another class. And I assumed so. But why is my 
>> duplicated service ticket expired within a second? 
>> ________________________________________
>> From: Misagh Moayyed [mmoay...@unicon.net]
>> Sent: Tuesday, November 03, 2015 5:17 PM
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] ehcache and Service Ticket Validation fails
>> 
>> Seconds:
>> http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int-
>> 
>> 
>> From: Song, Doe-Hyun [mailto:ds...@armada.net]
>> Sent: Tuesday, November 3, 2015 3:06 PM
>> To: cas-user@lists.jasig.org
>> Subject: RE:[cas-user] ehcache and Service Ticket Validation fails
>> 
>> BTW, this is the one copied from 4.1 document.
>> 
>>      <bean id="serviceTicketsCache"
>>            class="org.springframework.cache.ehcache.EhCacheFactoryBean"
>>            parent="abstractTicketCache"
>>            p:cacheName="cas_st"
>>            p:timeToIdle="0"
>>            p:timeToLive="300"
>>            p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" />
>> 
>> The log shows the copied ServiceTicket is expired. I cannot find the 
>> timeToLive information in the EhCacheFactoryBean document. Is it 
>> milliseconds instead of seconds? If so, what value should I set instead of 300?
>> 
>> 2015-11-03 16:38:15,721 INFO 
>> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket 
>> [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired.
>> 
>> 
>> From: Song, Doe-Hyun
>> Sent: Tuesday, November 03, 2015 4:57 PM
>> To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
>> Subject: [cas-user] ehcache and Service Ticket Validation fails
>> 
>> I am using 4.1 and installed ehcache for two CAS servers. It is quite random 
>> - it fails sometimes and succeeds sometimes.
>> 
>> There are two servers and server1 creates TGT and ST successfully. Server2 
>> tries to validate ST and fails. The following is both servers' logs.
>> 
>> Interestingly, I can see the cas_st.data file is always 0 size no matter 
>> whether validation fails or succeeds.
>> 
>> 
>> Server1
>> 
>> 2015-11-03 16:38:04,958 INFO 
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
>> LdapAuthenticationHandler successfully authenticated temp+password
>> 2015-11-03 16:38:04,973 INFO 
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
>> Authenticated temp with credentials [temp+password].
>> 2015-11-03 16:38:04,976 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:04,976 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:04,978 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> added 0 on heap
>> 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> removed 0 from heap
>> 2015-11-03 16:38:04,981 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> added 0 on disk
>> 2015-11-03 16:38:04,985 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: 
>> TGT-**********************************************GsFfWjbxN6-cas.server.net
>> ACTION: TICKET_GRANTING_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:04,985 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: 
>> TGT-**********************************************GsFfWjbxN6-cas.server.net
>> ACTION: TICKET_GRANTING_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:04 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:05,546 INFO 
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
>> LdapAuthenticationHandler successfully authenticated temp+password
>> 2015-11-03 16:38:05,549 INFO 
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
>> Authenticated temp with credentials [temp+password].
>> 2015-11-03 16:38:05,550 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:05,550 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp+password
>> WHAT: supplied credentials: [temp+password]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:05,573 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> added 0 on heap
>> 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> updated, deleted 0 on heap
>> 2015-11-03 16:38:05,577 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> updated, deleted 0 on disk
>> 2015-11-03 16:38:05,578 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> added 0 on heap
>> 2015-11-03 16:38:05,578 DEBUG 
>> [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
>> //apparms01q:41001/cas_st
>> 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> removed 0 from heap
>> 2015-11-03 16:38:05,580 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> added 0 on disk
>> 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> removed 0 from heap
>> 2015-11-03 16:38:05,581 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> added 0 on disk
>> 2015-11-03 16:38:05,610 INFO 
>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted ticket 
>> [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] for service 
>> [https://apparms.server.net/] for user [temp]
>> 2015-11-03 16:38:05,617 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net for 
>> https://apparms.server.net/
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:05,617 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: temp
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net for 
>> https://apparms.server.net/
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:05 EST 2015
>> CLIENT IP ADDRESS: 100.100.100.200
>> SERVER IP ADDRESS: apparms.server.net
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:05,856 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - 
>> RMICachePeer for cache cas_st: remote remove received for key: 
>> ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net
>> 2015-11-03 16:38:05,878 DEBUG [net.sf.ehcache.store.disk.Segment] - remove 
>> deleted 0 from heap
>> 2015-11-03 16:38:05,879 DEBUG [net.sf.ehcache.store.disk.Segment] - remove 
>> deleted 0 from disk
>> 2015-11-03 16:38:12,889 DEBUG 
>> [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
>> //apparms01q:41001/cas_tgt
>> 
>> 
>> Server 2.
>> 
>> 2015-11-03 16:38:15,494 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> added 0 on heap
>> 2015-11-03 16:38:15,496 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - 
>> RMICachePeer for cache cas_st: remote put received. Element is: [ key = 
>> ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, 
>> value=ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, version=1, hitCount=0, 
>> CreationTime = 1446586686000, LastAccessTime = 1446586695494 ]
>> 2015-11-03 16:38:15,498 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> removed 0 from heap
>> 2015-11-03 16:38:15,498 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> added 0 on disk
>> 2015-11-03 16:38:15,721 INFO 
>> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket 
>> [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired.
>> 2015-11-03 16:38:15,730 DEBUG [net.sf.ehcache.store.disk.Segment] - remove 
>> deleted 0 from heap
>> 2015-11-03 16:38:15,730 DEBUG [net.sf.ehcache.store.disk.Segment] - remove 
>> deleted 0 from disk
>> 2015-11-03 16:38:15,731 DEBUG 
>> [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
>> //apparms02q:41003/cas_st
>> 2015-11-03 16:38:15,801 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net
>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:15 EST 2015
>> CLIENT IP ADDRESS: 126.90.100.137
>> SERVER IP ADDRESS: 126.90.100.139
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:15,801 INFO 
>> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
>> trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net
>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>> APPLICATION: CAS
>> WHEN: Tue Nov 03 16:38:15 EST 2015
>> CLIENT IP ADDRESS: 126.90.100.137
>> SERVER IP ADDRESS: 126.90.100.139
>> =============================================================
>> 
>> 
>> 2015-11-03 16:38:22,804 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> added 0 on heap
>> 2015-11-03 16:38:22,806 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - 
>> RMICachePeer for cache cas_tgt: remote put received. Element is: [ key = 
>> TGT-**********************************************GsFfWjbxN6-cas.server.net, 
>> value=TGT-**********************************************GsFfWjbxN6-cas.server.net,
>>  version=1, hitCount=0, CreationTime = 1446586685000, LastAccessTime = 
>> 1446586702804 ]
>> 2015-11-03 16:38:22,807 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> added 0 on heap
>> 2015-11-03 16:38:22,807 DEBUG [net.sf.ehcache.store.disk.Segment] - put 
>> updated, deleted 0 on heap
>> 2015-11-03 16:38:22,808 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - 
>> RMICachePeer for cache cas_tgt: remote put received. Element is: [ key = 
>> TGT-**********************************************GsFfWjbxN6-cas.server.net, 
>> value=TGT-**********************************************GsFfWjbxN6-cas.server.net,
>>  version=1, hitCount=0, CreationTime = 1446586686000, LastAccessTime = 
>> 1446586702807 ]
>> 2015-11-03 16:38:22,808 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> removed 0 from heap
>> 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> added 0 on disk
>> 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> installation failed, deleted 0 from heap
>> 2015-11-03 16:38:22,809 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> installation failed deleted 0 from disk
>> 2015-11-03 16:38:22,813 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> removed 0 from heap
>> 2015-11-03 16:38:22,815 DEBUG [net.sf.ehcache.store.disk.Segment] - fault 
>> added 0 on disk
>> 
>> 
>> 
>> --
>> 
>> You are currently subscribed to 
>> cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: 
>> ds...@armada.net<mailto:ds...@armada.net>
>> 
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> 
>> 
>> 
>> 
>> 
>> The information contained in this e-mail and any attachments is confidential 
>> and
>> 
>> intended only for the recipient. If you are not the intended recipient, the
>> 
>> information contained in this message may not be used, copied, or forwarded 
>> to
>> 
>> third parties or otherwise distributed for any other purpose. Please notify 
>> the
>> 
>> sender if you received this e-mail in error and delete the e-mail and its
>> 
>> attachments promptly.  Nothing in this e-mail may be used or deemed to form 
>> the
>> 
>> basis of a contractual or any other legally binding obligation unless 
>> separately
>> 
>> confirmed in writing by an authorized representative of ARMADA.
> 
> 


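Added example (not part of the thread and not CAS project code): a Python check that pairs the issuing node's "Granted ticket" line with the validating node's "remote put received" and "has expired" lines, to show how much of the 10-second ST lifetime was already gone when the replica arrived. The log lines are copied from the thread with e-mail wrapping undone; the function names, field names and cause labels are illustrative.

```python
import re
from datetime import datetime, timedelta

ST_TIMEOUT_S = 10  # default ST lifetime stated in the thread

# Log lines copied from the thread, with e-mail line wrapping undone.
ISSUER_LOG = """\
2015-11-03 16:38:05,610 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted ticket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] for service [https://apparms.server.net/] for user [temp]
"""
VALIDATOR_LOG = """\
2015-11-03 16:38:15,496 DEBUG [net.sf.ehcache.distribution.RMICachePeer] - RMICachePeer for cache cas_st: remote put received. Element is: [ key = ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, value=ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net, version=1, hitCount=0, CreationTime = 1446586686000, LastAccessTime = 1446586695494 ]
2015-11-03 16:38:15,721 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-XcYCkWsQ4MnIfWOqeZdf-cas.server.net] has expired.
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
GRANTED = re.compile(TS + r".*Granted ticket \[(ST-[^\]]+)\]")
RECEIVED = re.compile(TS + r".*cache cas_st: remote put received\..*?key = (ST-[^,\s]+)")
EXPIRED = re.compile(TS + r".*ServiceTicket \[(ST-[^\]]+)\] has expired")


def to_ms(stamp):
    """Log4j-style timestamp -> integer milliseconds (timezone-free)."""
    dt = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S,%f")
    return (dt - datetime(1970, 1, 1)) // timedelta(milliseconds=1)


def first_seen(pattern, log):
    """Map ticket id -> time of the first line matching pattern."""
    seen = {}
    for line in log.splitlines():
        m = pattern.match(line)
        if m:
            seen.setdefault(m.group(2), to_ms(m.group(1)))
    return seen


def explain_expiries(issuer_log, validator_log, timeout_s=ST_TIMEOUT_S):
    granted = first_seen(GRANTED, issuer_log)
    received = first_seen(RECEIVED, validator_log)
    findings = []
    for ticket, t_exp in first_seen(EXPIRED, validator_log).items():
        if ticket not in granted or ticket not in received:
            continue  # cannot correlate across nodes
        # Issuer clock vs validator clock: the lag is replication delay
        # plus clock offset; the logs alone cannot separate the two.
        lag = received[ticket] - granted[ticket]
        age = t_exp - granted[ticket]
        on_validator = t_exp - received[ticket]
        if age >= timeout_s * 1000 and on_validator < timeout_s * 1000:
            cause = "cross-node lag"
        elif on_validator >= timeout_s * 1000:
            cause = "late validation request"
        else:
            cause = "not explained by timeout"
        findings.append({"ticket": ticket, "lag_ms": lag, "age_ms": age,
                         "budget_left_ms": timeout_s * 1000 - lag, "cause": cause})
    return findings


if __name__ == "__main__":
    for f in explain_expiries(ISSUER_LOG, VALIDATOR_LOG):
        print(f)
```

A small or negative `budget_left_ms` across many tickets points at clock offset between nodes rather than slow clients, which is a reason to check time synchronization before raising the ST timeout further.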