It is possible under some circumstances, for example under load, for multiple CAS tickets to be issued at the same time with exactly the same identifier. This is a violation of the CAS protocol (sections 3.1.1, 3.2.1, 3.3.1, and 3.4.1) governing the uniqueness requirements on tickets. Note that all ticket types are affected:
Service tickets (ST-xxxxx)
Proxy tickets (PT-xxxxx)
Proxy-granting tickets (PGT-xxxxx)
Proxy-granting ticket IOUs (PGTIOU-xxxxx)
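A concurrency check for the uniqueness requirement described above, as an added example that is not part of the original issue or the project's code. `newTicketId` is a hypothetical stand-in for the ticket generator under test, and the thread and iteration counts are arbitrary.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.*;
import java.util.function.Function;

public class TicketUniquenessCheck {
    // Ticket prefixes for the four affected ticket types.
    private static final String[] PREFIXES = {"ST-", "PT-", "PGT-", "PGTIOU-"};
    private static final SecureRandom RNG = new SecureRandom(); // safe to share across threads

    // Hypothetical generator (assumption): replace with a call into the code under test.
    static String newTicketId(String prefix) {
        byte[] b = new byte[24];
        RNG.nextBytes(b);
        return prefix + Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Issues ids for every prefix from many threads at once and returns each id seen more than once.
    static Set<String> findDuplicates(Function<String, String> generator, int threads, int perThread)
            throws InterruptedException {
        Map<String, Integer> seen = new ConcurrentHashMap<>();
        Set<String> duplicates = ConcurrentHashMap.newKeySet();
        CountDownLatch start = new CountDownLatch(1); // release all workers together to maximise contention
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); return; }
                for (int i = 0; i < perThread; i++) {
                    for (String prefix : PREFIXES) {
                        String id = generator.apply(prefix);
                        // merge is atomic per key, so a second sighting of the same id is never missed
                        if (seen.merge(id, 1, Integer::sum) > 1) duplicates.add(id);
                    }
                }
            });
        }
        start.countDown();
        pool.shutdown();
        if (!pool.awaitTermination(60, TimeUnit.SECONDS)) throw new IllegalStateException("timed out");
        return duplicates;
    }

    public static void main(String[] args) throws InterruptedException {
        Set<String> dups = findDuplicates(TicketUniquenessCheck::newTicketId, 16, 5000);
        System.out.println(dups.isEmpty() ? "all ticket ids unique" : "DUPLICATES: " + dups);
        if (!dups.isEmpty()) System.exit(1);
    }
}
```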
Environment
None
Activity
Marvin Addison
May 16, 2018 at 1:46 PM
This is resolved as of the version bumps to the final cryptacular release.
Marvin Addison
May 9, 2018 at 8:53 PM
Thanks @Tom Zeller.
Tom Zeller
May 9, 2018 at 4:32 PM
We were not building the IdP with the fixed version of cryptacular, so I bumped the version in the idp-parent POM for 3.3 and in the parent POM for IdP 3.4:
I think we need to bump cryptacular in IdP 3.3 (the maint-3.3 branch) as well as 3.4 (master) and add 3.3.3 to the Fix Version here, since I believe we are targeting a patch release of the IdP?