CAS service ticket validate failed


I'm not 100% sure because I can't see your configuration, but the log says this

<ServiceTicket [ST-1-pqIeCRqcafGBE6idoCcd-cas] has expired.>

Which means that the ticket has already expired. There exists a config file in CAS called ticketExpirationPolicies.xml which contains the times a ticket is valid. In my CAS version the expiration period for a service ticket is set to 10000ms. Maybe the time between your step 1 and 3 is longer than the expiration setting in your file (which, of course, could differ from mine).

<!-- Expiration policies -->
<bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
    <!-- This argument is the number of times that a ticket can be used before its considered expired. -->
    <constructor-arg
        index="0"
        value="1" />

    <!-- This argument is the time a ticket can exist before its considered expired.  -->
    <constructor-arg
        index="1"
        value="10000" />
</bean>

<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
    <!-- This argument is the time a ticket can exist before its considered expired.  -->
    <constructor-arg
        index="0"
        value="7200000" />
</bean>

The tutorial that you follow in my opinion is not complete in its configuration settings. Depending on what you try to achieve with this CAS-server you could need some of the customization described here

Author by

danmiao

Updated on July 09, 2022
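
The timing check the answer describes, as an added example (not part of the original answer and not CAS code): it reads the service-ticket policy values from the XML shown above and applies a simplified model of them to an issue time and a validation time. The issue times are constructed, and the bare `<beans>` root and all function names are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Fragment from the answer above, wrapped in a bare <beans> root (assumption:
# the real file's root element also carries Spring namespace declarations).
POLICY_XML = """<beans>
  <bean id="serviceTicketExpirationPolicy"
        class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
    <constructor-arg index="0" value="1" />
    <constructor-arg index="1" value="10000" />
  </bean>
</beans>"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}bean'."""
    return tag.rsplit("}", 1)[-1]

def load_st_policy(xml_text):
    """Return (max_uses, timeout_ms) of the serviceTicketExpirationPolicy bean."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "bean" and el.get("id") == "serviceTicketExpirationPolicy":
            args = {c.get("index"): int(c.get("value"))
                    for c in el if local(c.tag) == "constructor-arg"}
            return args["0"], args["1"]
    raise ValueError("serviceTicketExpirationPolicy bean not found")

def parse_ts(stamp):
    """Parse a timestamp in the layout used in the question's log."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S,%f")

def check_validation(issued, validated, prior_uses, policy):
    """Simplified model: expired once used max_uses times or timeout_ms old."""
    max_uses, timeout_ms = policy
    age_ms = (parse_ts(validated) - parse_ts(issued)) // timedelta(milliseconds=1)
    if prior_uses >= max_uses:
        return "expired: already used"
    if age_ms >= timeout_ms:
        return f"expired: {age_ms} ms old, limit {timeout_ms} ms"
    return "valid"

if __name__ == "__main__":
    policy = load_st_policy(POLICY_XML)
    seen = "2012-02-21 13:18:36,391"  # validation time from the question's log
    # Issue times below are constructed for illustration.
    print(check_validation("2012-02-21 13:18:11,000", seen, 0, policy))
    print(check_validation("2012-02-21 13:18:33,000", seen, 0, policy))
    print(check_validation("2012-02-21 13:18:33,000", seen, 1, policy))
```

A ticket validated by hand, by copying it from the browser into a second URL, easily exceeds a 10000 ms limit. The single-use, short-lived policy is what limits replay of a captured ticket, so scripting the validation step keeps a test inside the window without widening it.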

Comments

  • danmiao
    danmiao almost 2 years

    I have followed a link http://lukesampson.com/post/315838839/cas-on-windows-localhost-setup-in-5-mins, then the cas server works correctly, the login url is http://10.1.1.26:8080/login, the validate url is http://10.1.1.26:8080/serviceValidate.

    Then I tested it like below:

    1. call http://10.1.1.26:8080/login?service=http://10.1.1.9:8081/default.aspx
    2. I get the service ticket successfully, such as ST-9-pJ5UDxqKIHP2zuN3JGe4-cas
    3. then I validate the service ticket by calling http://10.1.1.26:8080/serviceValidate?ticket=ST-9-pJ5UDxqKIHP2zuN3JGe4-cas&service=http://10.1.1.9:8081/default.aspx,
    4. unfortunately, it always returns invalid ticket,

    In order to fix it, I tried the CAS 1.0 validate URL, http://10.1.1.26:8080/validate?ticket=ST-9-pJ5UDxqKIHP2zuN3JGe4-cas&service=http://10.1.1.9:8081/default.aspx, but it returns "no".

    Then I generated a certificate file and put it into the keystore, then I tried all the above steps using https://10.1.1.26:8443; however, the validation still failed.

    I changed the cas log4j configuration, to print all debug information, and below is the log

    2012-02-21 13:18:36,371 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <DispatcherServlet with name 'cas' processing GET request for [/cas-server-webapp-3.4.11/serviceValidate]>
    2012-02-21 13:18:36,381 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow mapping found for request with URI '/cas-server-webapp-3.4.11/serviceValidate'>
    2012-02-21 13:18:36,381 DEBUG [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - <Mapping [/serviceValidate] to HandlerExecutionChain with handler [org.jasig.cas.web.ServiceValidateController@302a4b] and 1 interceptor>
    2012-02-21 13:18:36,381 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Last-Modified value for [/cas-server-webapp-3.4.11/serviceValidate] is: -1>
    2012-02-21 13:18:36,391 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-1-pqIeCRqcafGBE6idoCcd-cas] has expired.>
    2012-02-21 13:18:36,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: audit:unknown
    WHAT: ST-1-pqIeCRqcafGBE6idoCcd-cas
    ACTION: SERVICE_TICKET_VALIDATE_FAILED
    APPLICATION: CAS
    WHEN: Tue Feb 21 13:18:36 EST 2012
    CLIENT IP ADDRESS: 10.1.1.9
    SERVER IP ADDRESS: 10.1.1.26
    =============================================================
    

    What I don't understand is why, in other posts, I saw the log has something like "write service ticket to ticket registry, and retrieve service ticket", but there is nothing about that in my log.

  • John John Pichler
    John John Pichler over 8 years
    Same problem here; apparently the default expiration time is very short. I changed it and it worked.
  • taylor.2317
    taylor.2317 over 2 years
    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review