Hi Ray, I do, I have both the signing and encryption key configs set. Like this: cas.authn.saml-idp.core.session-replication.cookie.crypto.signing.key=<a signing key> cas.authn.saml-idp.core.session-replication.cookie.crypto.encryption.key=<an encryption key> The values are replicated across each host in the cluster.
On Friday, June 27, 2025 at 3:25:25 PM UTC-4 Ray Bon wrote: > Jeremiah, > > Do you have a session-replication.cookie configured? > > https://apereo.github.io/cas/7.2.x/authentication/Configuring-SAML2-Authentication.html > under > Signing & Encryption tab > > > Ray > ------------------------------ > *From:* 'Jeremiah Garmatter' via CAS Community <cas-...@apereo.org> > *Sent:* June 27, 2025 10:59 > *To:* CAS Community <cas-...@apereo.org> > *Subject:* [cas-user] SAML2 IdP Error > > Hello, > > I run CAS 7.2.1 in a cluster with Hazelcast ticket registry and SAML2 > support. I have a strange issue. > Most users can log in to SAML2 services without any trouble, however, some > users receive an error every time they attempt a login. > See attachment for the error message. > The majority of users may see this message once in a blue moon. Revisiting > the SP will correct the problem. This doesn't work for a very small group > of my users though. > We've tried troubleshooting the web browser by clearing browser cache, > disabling browser plugins, private browser window, different browsers, > different devices, and I've asked them to try different networks but none > of that corrected their issues. > > I changed the SAML session storage to: > cas.authn.saml-idp.core.session-storage-type=TICKET_REGISTRY > but that didn't fix their issues either. > > Has anyone seen this problem before or have any advice to fix it? > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1464f6f7-ac64-4962-b08f-8f0cb20c7443n%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1464f6f7-ac64-4962-b08f-8f0cb20c7443n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e328b89c-6afc-431b-adfe-ee0d5f9e1db0n%40apereo.org.
