Vincent, I encountered similar behaviour but have not had time to see if it is the same in 6.4 or why this happened at all. There is this property you could try cas.ticket.st.number-of-uses=
https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html#service-tickets-behavior Ray On Wed, 2021-09-29 at 21:24 -0700, He Vincent wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. >From the log, It passed MFA of gauth. it seems ST had expired and was deleted. So the ST dis not exist any longer. It is strange that it seems that it had trigger 2 SERVICE_TICKET_VALIDATE, first was success, the 2nd was failed. If I inputed the token within a minutes, it will trigger only one SERVICE_TICKET_VALIDATE, and it will not expired/delete the ST either. It was deleted at the Ticket_Destroyed phase. Is it a bug? I tried variouse time-to-live, or time-to-kill paameters . It did not help. He Vincent在 2021年9月30日星期四下午12:16:51 [UTC+8]寫道: Version: CAS 6.3 (CAS 5.3 has no such issue) OAuth2.0+GAuth How to reproduce the issue: 1. Login to the app with Oatu2.0 2. passed login page, stay on MFA page for about 2 minutes. (No issue if input it in a minute) 3. Inpute the Google Auth token 4. It got 500 internal error, with org.apereo.cas.ticket.InvalidTicketException It has no such issue if the app is not using Oauth2.0. Here is the log > 2021-09-30 08:51:09,094 DEBUG [org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket usage count [1] is greater than or equal to [1]. Ticket [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] has expired> 2021-09-30 08:51:09,094 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating ticket ticketId [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas]> 2021-09-30 08:51:09,094 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating collection name [serviceTicketsCollection] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST, properties=DefaultTicketDefinitionProperties(cascadeRemovals=false, storageName=serviceTicketsCollection, storageTimeout=300, storagePassword=null, excludeFromCascade=false), order=-2147483648<tel:(214)%20748-3648>)]> 2021-09-30 08:51:09,095 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb collection instance [serviceTicketsCollection]> 2021-09-30 08:51:09,103 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] from the registry.> 2021-09-30 08:51:09,103 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Deleting ticket [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas]> 2021-09-30 08:51:09,104 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating collection name [serviceTicketsCollection] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST, properties=DefaultTicketDefinitionProperties(cascadeRemovals=false, storageName=serviceTicketsCollection, storageTimeout=300, storagePassword=null, excludeFromCascade=false), order=-2147483648<tel:(214)%20748-3648>)]> 2021-09-30 08:51:09,104 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb collection instance [serviceTicketsCollection]> 2021-09-30 08:51:09,107 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Deleted ticket [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] with result [AcknowledgedDeleteResult{deletedCount=1}]> 2021-09-30 08:51:09,108 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [email protected] WHAT: ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas for https://login.mydomain.com/cas/oauth2.0/callbackAuthorize?client_id=alpha&redirect_uri=https%3A%2F%2Falpha-stage.mydomainglo... ACTION: SERVICE_TICKET_VALIDATE_SUCCESS APPLICATION: CAS WHEN: Thu Sep 30 08:51:09 CST 2021 CLIENT IP ADDRESS: 10.16.14.77 SERVER IP ADDRESS: 10.13.23.92 ============================================================= > 2021-09-30 08:51:09,171 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating ticket ticketId [TGT-1-*****Jetbc5m7zU-xxxxxx-slicas]> 2021-09-30 08:51:09,172 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating collection name [ticketGrantingTicketsCollection] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TicketGrantingTicketImpl, prefix=TGT, properties=DefaultTicketDefinitionProperties(cascadeRemovals=false, storageName=ticketGrantingTicketsCollection, storageTimeout=28800, storagePassword=null, excludeFromCascade=false), order=2147483647<tel:(214)%20748-3647>)]> 2021-09-30 08:51:09,172 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb collection instance [ticketGrantingTicketsCollection]> 2021-09-30 08:51:09,195 DEBUG [org.apereo.cas.support.oauth.web.OAuth20CasCallbackUrlResolver] - <Final resolved callback URL is [https://login.mydomain.com/cas/oauth2.0/callbackAuthorize?client_id=alpha&redirect_uri=https%3A%2F%2Falpha-stage.mydomain.com%2Fwebsso%3Freturn_uri%3D+https%3A%2F%2Falpha-stage.mydomain.com&response_type=code]> 2021-09-30 08:51:09,197 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating ticket ticketId [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas]> 2021-09-30 08:51:09,197 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating collection name [serviceTicketsCollection] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST, properties=DefaultTicketDefinitionProperties(cascadeRemovals=false, storageName=serviceTicketsCollection, storageTimeout=300, storagePassword=null, excludeFromCascade=false), order=-2147483648<tel:(214)%20748-3648>)]> 2021-09-30 08:51:09,197 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb collection instance [serviceTicketsCollection]> 2021-09-30 08:51:09,200 WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas] does not exist.> 2021-09-30 08:51:09,201 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-1-xi-sY7iqar4RbUvxXbPfMncPnoo-xxxxxx-slicas for https://login.mydomain.com/cas/oauth2.0/callbackAuthorize?client_id=alpha&redirect_uri=https%3A%2F%2Falpha-stage.mydomainglo... ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Thu Sep 30 08:51:09 CST 2021 CLIENT IP ADDRESS: 10.16.14.77 SERVER IP ADDRESS: 10.13.23.92 ============================================================= -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7acc8e029f37116d664151d349becaeffdd930fb.camel%40uvic.ca.
