RemoteUserAuthHandler (CAS) wedged

Baron Fujimoto baron at
Wed May 14 16:38:00 EDT 2014


On Wed, May 07, 2014 at 10:29:37AM -1000, Baron Fujimoto wrote:
>We have our IdP configured to authenticate via the RemoteUserAuthHandler
>with CAS. We recently encountered a situation where the RemoteUser/CAS
>handler seemed to wedge or go permanently out to lunch (those are the
>technical terms, right?).
>It appears CAS was behaving correctly. When I took the suspect IdP host
>out of service and a failover host took over, service resumed as expected.
>Reviewing logs, I find the following:
>2014-05-07 03:26:59,884 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1044245-1GMdZ1PhU6id3JaHf2IU-cas] for service [] for user [userFOO]
>2014-05-07 03:26:59,884 INFO [] - Audit trail record BEGIN
>WHO: userFOO
>WHAT: ST-1044245-1GMdZ1PhU6id3JaHf2IU-cas for
>WHEN: Wed May 07 03:26:59 HST 2014
>IdP's tomcat:
>May 7, 2014 3:27:00 AM org.apache.catalina.core.StandardWrapperValve invoke
>SEVERE: Servlet.service() for servlet RemoteUserAuthHandler threw exception
>                ticket 'ST-1044245-1GMdZ1PhU6id3JaHf2IU-cas' not recognized
>        [...]
>Every subsequent authentication attempt by the IdP generated a similar
>pair. I haven't found any other forensic evidence yet though. A review
>of previous logs show this sort of thing happens occasionally, but not
>to the point where it fails consistently like this.
>Any ideas on what might have happened or suggestions for further
>IdP: 2.4.0
>CAS client: 3.2.1
>Baron Fujimoto <baron at> :: UH Information Technology Services
>minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list