SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Invalid service ticket. It was either unrecognized or has expired. #27

Closed Hach0u closed 4 years ago

Hach0u commented 5 years ago

Hi,

I've installed the application by following "Linux Docker Installation (Manual)" from the README. I had a CAS issue that was solved by using #25.

I now have the following error while using the default username and password (admin / 11_ThisIsTheFirstPassword_11):

Invalid service ticket. It was either unrecognized or has expired.

Any ideas on how to solve it? Thank you.

thebleucheese commented 5 years ago

We've seen this happen on slower networks. There's a timeout for the service ticket that can be impacted by the round trip from host to client back to host.

One thing you can try is to add or modify the timeToKillInSeconds parameter in /cas/config/cas.properties (default value is 10 seconds):

cas.ticket.st.timeToKillInSeconds=120

If that doesn't fix it, can you provide some more detail on your configuration:
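
Added example, not part of the original thread or VECTR's own code: a check for which `cas.ticket.st.timeToKillInSeconds` value is actually in effect after a line has been added to `cas.properties`. It assumes the file is read with `java.util.Properties` semantics, where the last occurrence of a key wins; the function name and the sample file contents are constructed for illustration.

```python
import re

ST_TTL_KEY = "cas.ticket.st.timeToKillInSeconds"
DEFAULT_ST_TTL = 10  # default value stated in the thread

# key, then "=", ":" or whitespace as separator, then the value
# (simplified java.util.Properties rules: no line continuations or escapes)
_LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")

# Constructed sample, not VECTR's shipped cas.properties.
SAMPLE = """\
# service ticket lifetime raised for a slow network
cas.ticket.st.timeToKillInSeconds=120
! other settings elided
#cas.ticket.st.timeToKillInSeconds=300
cas.ticket.st.timeToKillInSeconds = 10
"""


def effective_st_ttl(properties_text):
    """Return (ttl_seconds, line_no or None, overridden_line_nos)."""
    hits = []
    for no, line in enumerate(properties_text.splitlines(), 1):
        stripped = line.lstrip()
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment
        m = _LINE.match(line)
        if m and m.group(1) == ST_TTL_KEY:
            hits.append((no, m.group(2)))
    if not hits:
        # key absent: the default applies
        return DEFAULT_ST_TTL, None, []
    no, raw = hits[-1]  # assumption: last definition wins
    try:
        ttl = int(raw)
    except ValueError:
        raise ValueError(f"line {no}: non-numeric value {raw!r} for {ST_TTL_KEY}")
    return ttl, no, [n for n, _ in hits[:-1]]


if __name__ == "__main__":
    ttl, line_no, overridden = effective_st_ttl(SAMPLE)
    print(f"effective TTL: {ttl}s (line {line_no}), overridden lines: {overridden}")
```

In the constructed sample the 120-second line is shadowed by a later definition, so the effective timeout is still 10 seconds.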

Hach0u commented 5 years ago

Thank you for your quick reply @thebleucheese, modifying the timeout value didn't help. My configuration is the following:

I've seen some errors in the docker-compose. Could it be the reason?

Step 8/11 : RUN dpkg -i /root/libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb
 ---> Running in e36b1d88e049
Selecting previously unselected package libssl1.0.0:amd64.
(Reading database ... 16627 files and directories currently installed.)
Preparing to unpack .../libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb ...
Unpacking libssl1.0.0:amd64 (1.0.1t-1+deb8u9) ...
Setting up libssl1.0.0:amd64 (1.0.1t-1+deb8u9) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype

carlvonderheid commented 5 years ago

The deploy script is not required, though recommended. It will do all these manual settings for you, along with providing an easy path to upgrade for future releases.

When generating the self-signed cert, did you modify the "selfSigned.conf" file? There are 2 references to localhost in there that you will have to change to your hostname if you're not using localhost. You can bypass the selfSigned.conf file by doing something recommended by @Selora in #25, using your hostname instead of localhost.

Hach0u commented 4 years ago

Thanks @carlvonderheid. I did a new try by using the script and only filling the hostname with my docker server. I'm having the following error:

[https-openssl-apr-8443-exec-7] ERROR org.jasig.cas.client.util.CommonUtils - Error getting response from host: [XXX] with path: [/cas/p3/serviceValidate] and protocol: [https] Error Message: Connection refused (Connection refused) java.net.ConnectException: Connection refused (Connection refused)

I'll do another manual try by making sure that "selfSigned.conf" is properly configured, or by modifying my hosts file to point sravectr.internal to the docker server.

carlvonderheid commented 4 years ago

@Hach0u Can we verify that this issue is closed?

Hach0u commented 4 years ago

Thanks @carlvonderheid & @thebleucheese. I was able to solve it by using your install script, which was prompting for the hostname. I don't know why it failed the last time.

I first tried with the default name and modified my hosts file to point to it, which worked fine.

I did it another time with the correct hostname. I had the same issue once. By refreshing the browser, the issue was gone.