1. That is a bad idea. Your nodes need to share the same configuration. While this may work for now, it will eventually break. It works now because the gods are favoring node1 to issue tickets and node2 to validate them. Whoever issues the ticket gets to decide how long it should last. 2. As the doc says, look into your app and figure out why it’s taking 20 seconds to submit a validation event.
How’s couchbase working out for you? -- Misagh From: John Stevens II <[email protected]> Reply: John Stevens II <[email protected]> Date: August 2, 2016 at 1:51:08 PM To: CAS Community <[email protected]> Subject: [cas-user] Re: Cas multiple service tickets created and multiple tickets failed validation for same user Misagh, I've looked at the docs and increased the the service ticket timeout to 30 seconds: st.timeToKillInSeconds=30 Now I am no longer receiving the too many redirect errors and am able to login to my service and management web application but I am confused about something. 1. I was able to confirm that node1 is the only one having the problem (I have all my logs set to debug) and the nodes should be the same and I can't figure out why I need to increase the st ttl on node1 but not node2. 2. Node1 and node2 share ticket registries so I don't believe it is a problem with that. Any insight would be helpful, Thanks for your help. On Tuesday, August 2, 2016 at 4:18:58 PM UTC-4, Misagh Moayyed wrote: See https://apereo.github.io/cas/4.2.x/installation/Troubleshooting-Guide.html On Tuesday, August 2, 2016 at 11:49:49 AM UTC-7, John Stevens II wrote: I have a problem that randomly happens, after hitting my service url successfully I get redirected to CAS login page, I login successfully and get redirected to my service but the service fails to load with the browser error "performance.example.com redirected you too many times." Setup: 2 Active node servers behind F5 lb w/ source afffinity shared couchbase ticket and service registry When the issue occurs in the logs the service tickets are created on one server and are validated on the other server (fails validation) CAS Server 1 (cas1.example.com): ============================================================= WHO: user1 WHAT: Supplied credentials: [user1] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= > 2016-08-02 14:35:07,579 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: TGT-**********************************************OsqfxL4sVn-cas1.example.com ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= > 2016-08-02 14:35:07,600 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com] for service [http://performance.example.com/cas/login/] and principal [user1]> 2016-08-02 14:35:07,608 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: user1 WHAT: ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com for http://performance.example.com/cas/login/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= > 2016-08-02 14:35:07,706 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com] for service [http://performance.example.com/cas/login/] and principal [user1]> 2016-08-02 14:35:07,710 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: user1 WHAT: ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com for http://performance.example.com/cas/login/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= > 2016-08-02 14:35:07,803 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com] for service [http://performance.example.com/cas/login/] and principal [user1]> 2016-08-02 14:35:07,807 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: user1 WHAT: ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com for http://performance.example.com/cas/login/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= > 2016-08-02 14:35:07,895 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com] for service [http://performance.example.com/cas/login/] and principal [user1]> 2016-08-02 14:35:07,899 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: user1 WHAT: ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com for http://performance.example.com/cas/login/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= > 2016-08-02 14:35:07,983 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com] for service [http://performance.example.com/cas/login/] and principal [user1]> 2016-08-02 14:35:07,987 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: user1 WHAT: ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com for http://performance.example.com/cas/login/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue Aug 02 14:35:07 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.142 ============================================================= CAS Server 2 (cas2.example.com): ============================================================= WHO: audit:unknown WHAT: ST-2-IKC4I2uigDw5DwcrMAkI-cas2.example.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Tue Aug 02 14:35:10 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.143 ============================================================= > 2016-08-02 14:35:22,082 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com] has expired.> 2016-08-02 14:35:22,091 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-68-YJvyjEaYZCeKhFhHxet1-cas1.example.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Tue Aug 02 14:35:22 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.143 ============================================================= > 2016-08-02 14:35:22,174 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com] has expired.> 2016-08-02 14:35:22,181 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-69-IjRkj39xVHYQHIlTZaer-cas1.example.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Tue Aug 02 14:35:22 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.143 ============================================================= > 2016-08-02 14:35:22,274 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com] has expired.> 2016-08-02 14:35:22,281 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-70-lOLGaHuNJ6GWz2euScXS-cas1.example.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Tue Aug 02 14:35:22 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.143 ============================================================= > 2016-08-02 14:35:22,364 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com] has expired.> 2016-08-02 14:35:22,370 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-71-gTqf6iPzhHTA1JhXux0Z-cas1.example.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Tue Aug 02 14:35:22 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.143 ============================================================= > 2016-08-02 14:35:22,579 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com] has expired.> 2016-08-02 14:35:22,591 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-72-vA1nKtvrcHWlgLODqn5e-cas1.example.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Tue Aug 02 14:35:22 EDT 2016 CLIENT IP ADDRESS: 192.168.0.100 SERVER IP ADDRESS: 192.168.21.143 ============================================================= -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e4aeea7c-542d-44ea-b0c8-ab4f39b4cca9%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57a17e4c.7cd700cc.232b%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
