Hi Everyone, I have an application that makes heavy use of Proxy Tickets and am using Redis as a ticket registry. When my user logs out of CAS, the PGT does not get destroyed but what I assume to be the parent TGT does. I get the same behavior using Hazelcast. When I use the DefaultTicketRegistry, it appears that both the TGT and PGT are destroyed.
Does anyone have an idea why the PGT is being cleaned up with the DefaultTicketRegistry but not with Redis/Hazelcast? I've tried CAS 5.2.6 and 5.3.3 with the same results. When the maxTimeToLiveInSeconds value expires, both the parent TGT and child PGT are destroyed.

I pulled down the 5.2.6 source, set the log level to DEBUG and was able to trace some of the flow. Here are my findings:

- AbstractTicketRegistry.deleteTicket() – handles the removal of all of the tickets. If a TGT is passed in, this will look for child PGTs and clean them up first. In a CAS-only session, this got a TGT, found a PGT and deleted them both. In a CAS/Redis session, this only got a TGT – no PGT. I’m guessing that this means that either the PGT was never added to the parent TGT or that the reference to it was cleared out before the deleteTicket() call.

- ServiceTicketImpl.grantProxyGrantingTicket() – creates the PGT and adds it to the TGT’s getProxyGrantingTickets() Map. There wasn’t much logging here. I know the PGT was created but I don’t know if it was actually assigned to its parent. I didn’t see any Exceptions. So, I assume the child-to-parent assignment was made.

- RedisTicketRegistry – uses an org.springframework.data.redis.core.RedisTemplate to set and get entries. This differs from DefaultTicketRegistry, which simply uses a ConcurrentHashMap to handle the tickets. It kind of makes me wonder whether there’s an issue with the spring data component.

I'm not able to build CAS from source - running as a normal user or administrator. So, I haven't managed to add more logging statements.
This is my build environment:

    Windows 7
    CAS 5.2.6
    Gradle 4.10.2
    Java 1.8.0_144

    gradle -DskipFindbugs=true -DskipCheckstyle=true -DskipTests=true --stacktrace --debug clean build

    18:03:57.304 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Caused by: org.gradle.process.internal.ExecException: Process 'command 'C:\sandbox\cas\webapp\cas-server-webapp-jetty\.gradle\nodejs\node-v7.10.0-win-x64\npm.cmd'' finished with non-zero exit value -4048
    18:03:57.305 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.process.internal.DefaultExecHandle$ExecResultImpl.assertNormalExitValue(DefaultExecHandle.java:395)
    18:03:57.305 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.process.internal.DefaultExecAction.execute(DefaultExecAction.java:37)
    18:03:57.306 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.api.internal.file.DefaultFileOperations.exec(DefaultFileOperations.java:232)
    ...

cas.properties:

    logging.config: file:/etc/cas/config/log4j2.xml

    server.contextPath=/cas
    server.port=8443
    server.ssl.keyStore=file:/etc/cas/keystore.jks
    server.ssl.keyStorePassword=myPassword
    server.ssl.keyPassword=myPassword

    #Disable default casuser
    cas.authn.accept.users=

    cas.authn.ldap[0].type=AUTHENTICATED
    cas.authn.ldap[0].ldapUrl=ldaps://LDAPBOX:636
    cas.authn.ldap[0].baseDn=OU=TAP,DC=tap,DC=test
    cas.authn.ldap[0].userFilter=sAMAccountName={user}
    cas.authn.ldap[0].usePasswordPolicy=true
    cas.authn.ldap[0].bindDn=CN=USER1,OU=Service,OU=Users,OU=ABC,DC=abc,DC=test
    cas.authn.ldap[0].bindCredential=myCredential
    cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
    cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,memberOf
    cas.authn.ldap[0].trustCertificates=file:/etc/cas/cert.cer

    # IP address may be enough to protect all endpoints.
    cas.adminPagesSecurity.ip=0\.0\.0\.0
    cas.adminPagesSecurity.loginUrl=https://CASMACHINE:8443/cas/login
    cas.adminPagesSecurity.service=https://CASMACHINE:8443/cas/status/dashboard
    cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
    cas.adminPagesSecurity.adminRoles=ROLE_ADMIN
    cas.adminPagesSecurity.actuatorEndpointsEnabled=true

    cas.serviceRegistry.json.location=file:/etc/cas/config

    # Sessions are terminated if no new tickets are requested in 15 minutes
    cas.ticket.tgt.timeToKillInSeconds=900
    # Sessions are never allowed to last longer than 8 hours (default)
    cas.ticket.tgt.maxTimeToLiveInSeconds=28800

    #Redis
    cas.ticket.registry.redis.host=CASMACHINE
    cas.ticket.registry.redis.port=6379
    cas.ticket.registry.redis.database=0

Thanks,
d
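Added illustration, not part of the original post and not CAS code: the general difference between a registry that keeps live object references (a ConcurrentHashMap) and one that stores serialized copies, which is the contrast the post draws between DefaultTicketRegistry and RedisTicketRegistry. All class, method and ticket names below are hypothetical, and the post does not establish that this is what happens in CAS 5.2.6; the sketch only shows that a child recorded on a parent after the parent was stored is visible at delete time in the serialized case only if the parent is written back.

```java
import java.io.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-ins for illustration; these are not CAS classes.
public class RegistrySemanticsDemo {
    static class Tgt implements Serializable {
        final String id;
        final Map<String, String> proxyGrantingTickets = new HashMap<>(); // PGT id -> service
        Tgt(String id) { this.id = id; }
    }
    interface Registry { void put(Tgt t); Tgt get(String id); }
    // Keeps live object references, like a ConcurrentHashMap-backed registry.
    static class InMemoryRegistry implements Registry {
        private final Map<String, Tgt> map = new ConcurrentHashMap<>();
        public void put(Tgt t) { map.put(t.id, t); }
        public Tgt get(String id) { return map.get(id); }
    }
    // Stores a serialized snapshot, as any external store must.
    static class SerializingRegistry implements Registry {
        private final Map<String, byte[]> store = new ConcurrentHashMap<>();
        public void put(Tgt t) {
            try (ByteArrayOutputStream b = new ByteArrayOutputStream();
                 ObjectOutputStream o = new ObjectOutputStream(b)) {
                o.writeObject(t);
                o.flush();
                store.put(t.id, b.toByteArray());
            } catch (IOException e) { throw new UncheckedIOException(e); }
        }
        public Tgt get(String id) {
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(store.get(id)))) {
                return (Tgt) in.readObject();
            } catch (IOException | ClassNotFoundException e) { throw new IllegalStateException(e); }
        }
    }
    // Number of child PGTs a delete-by-TGT would find after a PGT is recorded on the parent.
    static int childrenSeenAtLogout(Registry r, boolean writeBack) {
        r.put(new Tgt("TGT-1"));                       // constructed sample ticket id
        Tgt loaded = r.get("TGT-1");
        loaded.proxyGrantingTickets.put("PGT-1", "https://app.example.test");
        if (writeBack) r.put(loaded);                  // persist the mutated parent again
        return r.get("TGT-1").proxyGrantingTickets.size();
    }
    public static void main(String[] args) {
        System.out.println("in-memory, no write-back:    " + childrenSeenAtLogout(new InMemoryRegistry(), false));
        System.out.println("serialized, no write-back:   " + childrenSeenAtLogout(new SerializingRegistry(), false));
        System.out.println("serialized, with write-back: " + childrenSeenAtLogout(new SerializingRegistry(), true));
    }
}
```

A PGT that outlives its TGT can still be exchanged for proxy tickets after logout, so when comparing registries it is worth checking the store for PGT entries that remain once the parent TGT is gone.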