I had a quick look, and it seems like this sort of issue is fixed in 4.2 and beyond but I’ll let Jérôme confirm. If so, you may want to give that a try if you can.
I don’t think you need to have the timeout be long term. The web session is different from your SSO session. You want to make sure the session timeout matches the “timeout” of your load balancer. It must be equal to or greater than that setting. Typically, the common norm is somewhere between 10 and 15 minutes.

From: [email protected] [mailto:[email protected]] On Behalf Of Shailesh Deshpande
Sent: Saturday, February 20, 2016 6:12 AM
To: Misagh Moayyed <[email protected]>
Cc: CAS Community <[email protected]>
Subject: Re: [cas-user] oauth20_callbackUrl is missing from the session and can not be retrieved

Thanks Misagh for responding. I hope Jérôme could add to this conversation as well. I am thinking that session stickiness may fail in a long-term CAS login, as the sticky session has timeouts. I am implementing the long-term session for a mobile app, which is one of the clients. Do I need to make the session stickiness timeouts also long term in that case?

On Sat, Feb 20, 2016 at 1:25 AM, Misagh Moayyed <[email protected]> wrote:

Jérôme would know best, but I think OAuth support in CAS requires some sort of sticky session or session replication. Certain parameters are stored into the web session prior to redirects and retrieved afterwards, and the session is obviously local. This seems like something that can be improved further.

From: [email protected] [mailto:[email protected]] On Behalf Of Shailesh Deshpande
Sent: Friday, February 19, 2016 2:42 PM
To: CAS Community <[email protected]>
Subject: [cas-user] oauth20_callbackUrl is missing from the session and can not be retrieved

I am using Apereo Central Authentication Service (http://www.apereo.org/cas) version 4.1.4. I have configured two Tomcat servers in the cluster. Both servers have CAS OAuth 2.0 support enabled.

In order to test, I have a sample OAuth 2.0 client which is requesting access through my server. I am using Hazelcast for the Service Registry. The server responds correctly without server clustering. However, when two servers are running, the callbackAuthorize method fails with the error "oauth20_callbackUrl is missing from the session and can not be retrieved". Please review the logs without and with clustering below. The CAS documentation does not ask for session replication across the servers. So is there something that I am missing? I will really appreciate it if someone can help me immediately to resolve this.

###### Debug log with clustering ON ##########
[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.BaseOAuthWrapperController debug - method : callbackAuthorize
[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - ticket : null
[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : null
[ERROR] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController error - oauth20_callbackUrl is missing from the session and can not be retrieved.

###### Debug log with clustering OFF ##########
[DEBUG] 2016-02-19 16:24:54,538 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.BaseOAuthWrapperController debug - method : callbackAuthorize
[DEBUG] 2016-02-19 16:24:54,539 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - ticket : ST-8-ZCQEDMoSFN63RmZOXB5P-qual.cas.laureate.net
[DEBUG] 2016-02-19 16:24:54,539 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : https://qual.cas.laureate.net/OAuth2TestApp/oauth2callback
[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_state : null
[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : https://qual.cas.laureate.net/OAuth2TestApp/oauth2callback?code=ST-8-ZCQEDMoSFN63RmZOXB5P-qual.cas.laureate.net
[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - bypassApprovalPrompt : false
[DEBUG] 2016-02-19 16:24:54,541 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - serviceName : SampleOauthClient

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

--
Shailesh Deshpande
Cell: - 9422003057
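To make the mechanism behind this thread concrete, here is an added example (not code from CAS, Tomcat or any of the posters) that simulates two nodes behind a load balancer. The first request stores the client's callback URL in a node-local web session and redirects; the second request reads it back. The node names, the cookie value, the stickiness TTL and the timings are all constructed for the illustration. It covers three configurations from the thread: plain round-robin with local sessions (the clustered failure in the logs), sticky sessions whose stickiness TTL is shorter than the gap between the two legs (the long-lived session concern), and a replicated session store.

```python
# Added example, not CAS or Tomcat code: simulates why a value stored in a
# node-local web session before a redirect is missing after the redirect when
# the follow-up request reaches a different node. Node names, the session
# cookie value, the stickiness TTL and all timings are constructed.

CALLBACK_KEY = "oauth20_callbackUrl"  # the session attribute named in the logs


class Node:
    """One application server with its own in-memory session store."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}  # session_id -> {attribute: value}, local to this node


class LoadBalancer:
    """Routes requests to nodes: round robin, or sticky with a stickiness TTL."""

    def __init__(self, nodes, sticky_ttl=None):
        self.nodes = nodes
        self.sticky_ttl = sticky_ttl  # None means plain round robin
        self._next = 0
        self._table = {}  # session_id -> (node, last_seen), the stickiness table

    def route(self, session_id, now):
        if self.sticky_ttl is not None:
            entry = self._table.get(session_id)
            if entry is not None and now - entry[1] <= self.sticky_ttl:
                self._table[session_id] = (entry[0], now)  # refresh stickiness
                return entry[0]
        # No (or expired) stickiness entry: fall back to round robin.
        node = self.nodes[self._next % len(self.nodes)]
        self._next += 1
        if self.sticky_ttl is not None:
            self._table[session_id] = (node, now)
        return node


class Cluster:
    """Two CAS-like nodes behind a balancer, optionally with a replicated session store."""

    def __init__(self, sticky_ttl=None, replicated=False):
        self.nodes = [Node("node-a"), Node("node-b")]
        self.lb = LoadBalancer(self.nodes, sticky_ttl)
        self.shared = {} if replicated else None

    def _store(self, node):
        # With replication every node reads the same store; otherwise node-local.
        return self.shared if self.shared is not None else node.sessions

    def authorize(self, session_id, callback_url, now):
        """First leg: remember the client's callback URL, then redirect to login."""
        node = self.lb.route(session_id, now)
        self._store(node).setdefault(session_id, {})[CALLBACK_KEY] = callback_url
        return node.name

    def callback_authorize(self, session_id, now):
        """Second leg after the redirect: read the callback URL back from the session."""
        node = self.lb.route(session_id, now)
        url = self._store(node).get(session_id, {}).get(CALLBACK_KEY)
        return node.name, url


def simulate(sticky_ttl=None, replicated=False, gap_seconds=5):
    """Run authorize, then the callback gap_seconds later; report routing and lookup."""
    cluster = Cluster(sticky_ttl=sticky_ttl, replicated=replicated)
    session_id = "JSESSIONID-constructed"  # constructed cookie value
    first = cluster.authorize(session_id, "https://client.example/oauth2callback", now=0)
    second, url = cluster.callback_authorize(session_id, now=gap_seconds)
    return {"authorize_node": first, "callback_node": second, "callback_url": url}


if __name__ == "__main__":
    scenarios = [
        ("round robin, local sessions", {}),
        ("sticky (TTL 900s), callback after 5s", {"sticky_ttl": 900}),
        ("sticky (TTL 900s), callback after 3600s", {"sticky_ttl": 900, "gap_seconds": 3600}),
        ("round robin, replicated sessions", {"replicated": True}),
    ]
    for label, kwargs in scenarios:
        r = simulate(**kwargs)
        status = r["callback_url"] or f"{CALLBACK_KEY} is missing from the session"
        print(f"{label}: {r['authorize_node']} -> {r['callback_node']}: {status}")
```

The third scenario is the case raised in the thread: stickiness is keyed on the session cookie and expires on its own schedule, so once the balancer's stickiness entry is older than its TTL the follow-up request is routed as if it were new and lands on a node that never saw the session. That is why the advice above is to keep the web session timeout at or above the balancer's stickiness timeout, or to replace node-local sessions with a replicated store so routing no longer matters.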
