[error] [client xx.xx.xx.xx] do_gss_spnego_accept: VAS_ERR_INTERNAL: Internal error\n First call to gss_accept_sec_context() failed, minor_status = -1765328350, result = 2, display_status = "duplicate per-message token detected", Mechanism-Specific error text: "Request is a replay"
Product defects fixed in 126.96.36.19948 version and up:
* api: If GSS_C_REPLAY_FLAG is not set, don't apply the replay cache.
This should fix apache/MAV re-authenticating multiple parts of a page. Another method is being used now.
Fixed in Mod-Auth-VAS 188.8.131.52 and up:
Code changes were made in Mod-Auth-Vas 184.108.40.206 to address the replay issue.
1 - Upgrade to Authentication Services 4.1 Maintenance Release
The above link contains the Changelog.txt attached which describes the defects fixed in the Maintenance release.
2 - Upgrade to MAV 220.127.116.11 for Apache 2.2 or to MAV 18.104.22.168-1 for Apache 2.4
It is available by going to https://github.com/OneIdentity/mod_auth_vas/
3 - Restart all instances of Apache or reboot the server