Hi,
Just a thought, apologies if you've already considered it: is it possible
your ST is rejected not due to timeout, but because it's already been
validated once? For whatever reason - something subtle in the load
balancer, the CASified application (especially if it's clustered itself),
etc.
This
I'm no expert, but IMHO it seems like a cool "catch" :)
Not critical for my project, but nice keep in mind.
Shouldn't it be easy to implement your own
org.jasin.cas.util.UniqueTicketIdGenerator?
Just a minor unrelated note - I hope your CAS connections are HTTPS...?
because when I hear "traffic a