CAS 6.6.8
A couple of problems with Azure AD delegated login via pac4j ODIC out of
the box button click feature.
1) Two TGC cookies are being created, the 2nd with an empty value. This is
causing the TGC not being available and my session is not being created.
actuator/sso even returns back a 400. To get around this I commented a line
of code from InitialFlowSetupAction.java. That seems to get around this
issue but I'm not certain if I'm causing other issues.
2) I see a DISSESSION cookie being created at login. I don't recall seeing
this cookie before enabling delegated login to Azure AD. The problem that
I'm seeing with this is that I get a 500 error when logging out.
2024-01-08 15:29:13,937 ERROR
[org.springframework.boot.web.servlet.support.ErrorPageFilter] (default
task-454) Forwarding to error page from request [/logout]
due to exception [Exception thrown executing
org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientLogoutAction@4120bab
in state 'terminateSession' of flow 'logout'
-- action execution attributes were 'map[[empty]]']:
org.springframework.webflow.execution.ActionExecutionException:
Exception thrown executing
org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientLogoutAction@4120bab
in state 'terminateSession' of
flow 'logout' -- action execution attributes were 'map[[empty]]'
.
.
.
Caused by: java.lang.ClassCastException: class java.lang.String cannot be
cast to class org.pac4j.core.profile.UserProfile (java.lang.String is in
module java.base of loader 'bootstrap';
org.pac4j.core.profile.UserProfile is in unnamed module of loader
'deployment.cas.war' @512a9b9)
at
deployment.cas.war//org.pac4j.core.profile.ProfileManager.removeOrRenewExpiredProfiles(ProfileManager.java:98)
at
deployment.cas.war//org.pac4j.core.profile.ProfileManager.retrieveAll(ProfileManager.java:89)
at
deployment.cas.war//org.pac4j.core.profile.ProfileManager.getProfile(ProfileManager.java:50)
If I manually delete the cookie after login, I see my session is still
active, actuator/sso returns 200 with session info, and logout is not an
issue.
-psv
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf2f353b-94f6-43eb-a650-8e7dee58a0c6n%40apereo.org.
