Hi, We are having CAS as OAuth client and then delegating authentication with SAML2 through 3rd party. Now after version 7.1.1 the login is still seemingly successful but redirects now back to CAS login page instead of a 3rd party site which it did before.
I noticed that we now get this in the logs: DEBUG org.apereo.cas.support.oauth.web.OAuth20TicketGrantingTicketAwareSecurityLogic - No ticket-granting ticket => No user profiles found Then debugged and found that this change broke it for us: https://github.com/apereo/cas/commit/6d904540aa70363b301b8690814b57f043972fee More exactly removal of this part: if (ticketGrantingTicket == null && !ticketGrantingTicketCookieGenerator.containsCookie(request)) { try { ticketGrantingTicket = manager.getProfile() .map(profile -> profile.getAttribute(TicketGrantingTicket.class.getName())) .map(ticketId -> ticketRegistry.getTicket(ticketId.toString(), TicketGrantingTicket.class)) .orElse(null); } catch (final Exception e) { LOGGER.trace("Cannot find active ticket-granting ticket: [{}]", e.getMessage()); } } return ticketGrantingTicket; There still is this CookieUtils but it seems our configuration does not find the ticket from this: CookieUtils.getTicketGrantingTicketFromRequest( ticketGrantingTicketCookieGenerator, ticketRegistry, request); Commit message says "do not rely on profile mgmr to fetch tgt" and so I'm thinking maybe we have wrong configuration as this CookieUtils doesn't find the ticket? And to be clear that "ticketRegistry" with "manager.getProfile()" does find it but is no longer in the code. Thank you. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/626494c8-badd-4a90-a4a8-098b752460aan%40apereo.org.
