Do you have the session replication cookies set [1] cas.authn.pac4j.core.session-replication.cookie.crypto
Ray [1] https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html ________________________________ From: [email protected] <[email protected]> on behalf of Yan Zhou <[email protected]> Sent: October 7, 2025 13:14 To: CAS Community <[email protected]> Subject: [cas-user] objects not available in conversation scope, delegated authN? HI there, I am using CAS 7.2.5 overlay, delegated authN via SAML. CAS delegates to external IdP. As seen below in DelegatedClientAuthenticationDynamicDiscoveryExecutionAction, I store some value in flow's conversation scope (part of "login" flow), BEFORE user gets redirected to external IdP, I expect the objects are available in the same conversation, but I find it is Null in DelegatedClientAuthenticationWebflowStateContributor. Via some debug code, i noticed that the conversation Id in DelegatedClientAuthenticationWebflowStateContributor shows as Null, as part of "clientredirect" flow. Even though login and clientredirect flows are two separate flows, but they are in the same conversation, I do Not understand why it shows Null for the 2nd part and object Not available. thx! public class MyDelegatedClientAuthenticationDynamicDiscoveryExecutionAction extends DelegatedClientAuthenticationDynamicDiscoveryExecutionAction { protected Event doExecuteInternal(final RequestContext requestContext) { .......... testflow(requestContext); .......... private void testflow (final RequestContext requestContext) { // Debug conversation information LOGGER.info("=== DISCOVERY ACTION START ==="); LOGGER.info("Conversation ID: {}", requestContext.getFlowExecutionContext().getKey()); LOGGER.info("Flow ID: {}", requestContext.getActiveFlow().getId()); LOGGER.info("Current State: {}", requestContext.getCurrentState().getId()); public class MyDelegatedClientAuthenticationWebflowStateContributor extends DefaultDelegatedClientAuthenticationWebflowStateContributor { @Override public Map<String, Serializable> store(final RequestContext requestContext, final WebContext webContext, final Client client) throws Throwable { testflow(requestContext, webContext); .................... public void testflow(final RequestContext requestContext, final WebContext webContext) { LOGGER.info("=== STATE CONTRIBUTOR STORE START ==="); LOGGER.info("Conversation ID: {}", requestContext.getFlowExecutionContext().getKey()); LOGGER.info("Flow ID: {}", requestContext.getActiveFlow().getId()); LOGGER.info("Current State: {}", requestContext.getCurrentState().getId()); 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <=== STATE CONTRIBUTOR STORE START ===> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Conversation ID: null> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Flow ID: clientredirect> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Current State: delegatedAuthenticationStoreWebflowState> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Flow scope object: null> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Conversation scope object: null> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Request scope object: null> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/440520fd-bc8e-43ab-bf98-e351f160c45bn%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/440520fd-bc8e-43ab-bf98-e351f160c45bn%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YT4P288MB0086C8C01065951FAA66429ACEE1A%40YT4P288MB0086.CANP288.PROD.OUTLOOK.COM.
