Thank you for the suggestion, Ray.
I compared the output between 7.2.3 and 7.2.4 and there's no difference.
I dug the changelog for 7.2.4 and spotted a change in
AbstractServiceFactory.java that might be the culprit:
// if (StringUtils.isNotBlank(originalUrl) &&
originalUrl.startsWith("http") && originalUrl.contains("?")) {
if (StringUtils.isNotBlank(originalUrl) &&
SimpleUrlValidator.getInstance().isValid(originalUrl)) {
The commented line was from 7.2.3 and the second line was the newer 7.2.4+
I tried again to rebuild with 7.2.5, but this time I have
AbstractServiceFactory in my overlay and revert above line, and it works.
I wonder if any CAS developer lurking around this mailing list could
comment on this behavior.
On Thursday, 7 August 2025 at 16:29:52 UTC-4 Ray Bon wrote:
> Agus,
>
> There may be property changes to check; Property rename or encryption key
> length changes.
> ./gradlew exportConfigMetadata
> Will create config-metadata.properties; you can search for your
> properties, and in most cases old property descriptions will point to the
> new property.
>
> Ray
>
> ------------------------------
> *From:* [email protected] <[email protected]> on behalf of Agus Santosa
> <[email protected]>
> *Sent:* August 7, 2025 09:21
> *To:* CAS Community <[email protected]>
> *Cc:* Agus Santosa <[email protected]>
> *Subject:* [cas-user] Re: SAML2 service 7.1.x and 7.2.x
>
> Just to add more information, I downloaded a clean fresh version 7.2.5 and
> set it up without any customization.
>
> My json service definition is very basic:
> {
> "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
> "serviceId": "test-saml",
> "name": "testsamlservice",
> "id": 100000999,
> "evaluationOrder" : 101,
> "metadataLocation":
> "file:/appl/sit/cas7/config/cihiServices/agus_metadata.xml"
> }
>
> I am using sample application (
> https://github.com/apereo/saml2-sample-java-webapp) to generate metadata
> and test it.
>
> I have no idea if there's additional configuration needed for v7.2+. I
> tried 7.3 RC and it behaves the same.
> I guess I'm sticking with 7.1.x for now until I can figure out the
> solution.
>
>
> On Wednesday, 6 August 2025 at 10:41:33 UTC-4 Agus Santosa wrote:
>
> Hi,
>
> Does anyone notice any difference between 7.1.x and 7.2.x in terms of
> SAML2 service registry?
> For my case, the same SAML2 service works in 7.1.x, but it is somehow not
> found/authorized in 7.2.x.
>
> This is the log
> 2025-08-06 10:06:48,023 TRACE
> [org.apereo.cas.services.mgmt.AbstractServicesManager] - <Service
> [local-saml-test] is not cached; Searching [JsonServiceRegistry]>
> 2025-08-06 10:06:48,025 TRACE
> [org.apereo.cas.support.saml.services.SamlIdPServicesManagerRegisteredServiceLocator]
>
> - <Reviewing service attributes
> [{headers={jakarta.servlet.http.HttpServletRequest.header-host=[localhost:8543],
>
> jakarta.servlet.http.HttpServletRequest.header-user-agent=[Mozilla/5.0
> (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0],
> jakarta.servlet.http.HttpServletRequest.header-accept=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8],
>
> jakarta.servlet.http.HttpServletRequest.header-accept-language=[en-US,en;q=0.5],
>
> jakarta.servlet.http.HttpServletRequest.header-accept-encoding=[gzip,
> deflate, br, zstd], jakarta.servlet.http.HttpServletRequest.header-referer=[
> https://localhost:9876/],
> jakarta.servlet.http.HttpServletRequest.header-connection=[keep-alive],
> jakarta.servlet.http.HttpServletRequest.header-cookie=[JSESSIONID=4A46B00617D6A13EA14E9F3E74A3D75D;
>
> _mkto_trk=id:287-VKI-861&token:_mch-localhost-c73c7200637fdabf3d894f21c3c7ef29;
>
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en-US],
> jakarta.servlet.http.HttpServletRequest.header-upgrade-insecure-requests=[1],
> jakarta.servlet.http.HttpServletRequest.header-sec-fetch-dest=[document],
> jakarta.servlet.http.HttpServletRequest.header-sec-fetch-mode=[navigate],
> jakarta.servlet.http.HttpServletRequest.header-sec-fetch-site=[same-site],
> jakarta.servlet.http.HttpServletRequest.header-priority=[u=0, i]},
> RelayState=[saml-sp-relay-state], service=[
> https://localhost:8543/cas/idp/profile/SAML2/Callback?srid=a4g6f37hb5g945je30da1e82j6bh8i7&entityId=local-saml-test],
>
> httpRequest={jakarta.servlet.http.HttpServletRequest.httpMethod=[GET],
> jakarta.servlet.http.HttpServletRequest.requestURL=[
> https://localhost:8543/cas/login],
> jakarta.servlet.http.HttpServletRequest.requestURI=[/cas/login],
> jakarta.servlet.http.HttpServletRequest.requestId=[1],
> jakarta.servlet.http.HttpServletRequest.contextPath=[/cas],
> jakarta.servlet.http.HttpServletRequest.localeName=[kubernetes.docker.internal]},
>
> cookies={jakarta.servlet.http.HttpServletRequest.cookie-JSESSIONID=[4A46B00617D6A13EA14E9F3E74A3D75D],
>
> jakarta.servlet.http.HttpServletRequest.cookie-_mkto_trk=[id:287-VKI-861&token:_mch-localhost-c73c7200637fdabf3d894f21c3c7ef29],
>
> jakarta.servlet.http.HttpServletRequest.cookie-org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=[en-US]},
>
> org.apereo.cas.authentication.principal.Service=[
> https://localhost:8543/cas/idp/profile/SAML2/Callback?srid=a4g6f37hb5g945je30da1e82j6bh8i7&entityId=local-saml-test]}]
>
> for service id [local-saml-test] to match registered service
> [localsamltest]>
> 2025-08-06 10:06:48,026 TRACE
> [org.apereo.cas.services.mgmt.AbstractServicesManager] - <No service
> definition was provided>
> 2025-08-06 10:06:48,055 WARN
> [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter]
>
> - <Service [AbstractWebApplicationService(id=local-saml-test,
> originalUrl=local-saml-test, artifactId=null, principal=null,
> source=service, tenant=null, loggedOutAlready=false, format=XML,
> attributes={headers={jakarta.servlet.http.HttpServletRequest.header-host=[localhost:8543],
>
> jakarta.servlet.http.HttpServletRequest.header-user-agent=[Mozilla/5.0
> (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0],
> jakarta.servlet.http.HttpServletRequest.header-accept=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8],
>
> jakarta.servlet.http.HttpServletRequest.header-accept-language=[en-US,en;q=0.5],
>
> jakarta.servlet.http.HttpServletRequest.header-accept-encoding=[gzip,
> deflate, br, zstd], jakarta.servlet.http.HttpServletRequest.header-referer=[
> https://localhost:9876/],
> jakarta.servlet.http.HttpServletRequest.header-connection=[keep-alive],
> jakarta.servlet.http.HttpServletRequest.header-cookie=[JSESSIONID=4A46B00617D6A13EA14E9F3E74A3D75D;
>
> _mkto_trk=id:287-VKI-861&token:_mch-localhost-c73c7200637fdabf3d894f21c3c7ef29;
>
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en-US],
> jakarta.servlet.http.HttpServletRequest.header-upgrade-insecure-requests=[1],
> jakarta.servlet.http.HttpServletRequest.header-sec-fetch-dest=[document],
> jakarta.servlet.http.HttpServletRequest.header-sec-fetch-mode=[navigate],
> jakarta.servlet.http.HttpServletRequest.header-sec-fetch-site=[same-site],
> jakarta.servlet.http.HttpServletRequest.header-priority=[u=0, i]},
> RelayState=[saml-sp-relay-state], service=[
> https://localhost:8543/cas/idp/profile/SAML2/Callback?srid=a4g6f37hb5g945je30da1e82j6bh8i7&entityId=local-saml-test],
>
> httpRequest={jakarta.servlet.http.HttpServletRequest.httpMethod=[GET],
> jakarta.servlet.http.HttpServletRequest.requestURL=[
> https://localhost:8543/cas/login],
> jakarta.servlet.http.HttpServletRequest.requestURI=[/cas/login],
> jakarta.servlet.http.HttpServletRequest.requestId=[1],
> jakarta.servlet.http.HttpServletRequest.contextPath=[/cas],
> jakarta.servlet.http.HttpServletRequest.localeName=[kubernetes.docker.internal]},
>
> cookies={jakarta.servlet.http.HttpServletRequest.cookie-JSESSIONID=[4A46B00617D6A13EA14E9F3E74A3D75D],
>
> jakarta.servlet.http.HttpServletRequest.cookie-_mkto_trk=[id:287-VKI-861&token:_mch-localhost-c73c7200637fdabf3d894f21c3c7ef29],
>
> jakarta.servlet.http.HttpServletRequest.cookie-org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=[en-US]},
>
> org.apereo.cas.authentication.principal.Service=[
> https://localhost:8543/cas/idp/profile/SAML2/Callback?srid=a4g6f37hb5g945je30da1e82j6bh8i7&entityId=local-saml-test]})]
>
> is not authorized>
>
>
> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc9b98ad-3f4d-4b5d-9fc9-59efaa584edan%40apereo.org
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc9b98ad-3f4d-4b5d-9fc9-59efaa584edan%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2c40c700-aa9b-495b-a940-9ecca9b43902n%40apereo.org.
