Hi all, We encountered an issue where users were encountering the "Application Not Authorized to Use CAS" error when attempting to log in.
Upon investigation, we found that CAS was encountering difficulties retrieving metadata. Here are the relevant log entries: 2024-03-29 09:46:31,272 ERROR [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Cannot invoke "org.apereo.cas.support.saml.services.idp.metadata.cache.CachedMetadataResolverResult.getMetadataResolver()" because the return value of "org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver.resolve(org.apereo.cas.support.saml.services.SamlRegisteredService, net.shibboleth.shared.resolver.CriteriaSet)" is null SamlRegisteredServiceMetadataAdaptor.java:get:98 SamlRegisteredServiceMetadataAdaptor.java:lambda$get$0:70 Optional.java:map:260 > 2024-03-29 09:46:31,272 WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <No metadata could be found for [https://service-provider.com]> 2024-03-29 09:46:31,272 WARN [org.apereo.cas.util.function.FunctionUtils] - <Cannot find metadata linked to https://service-provider.com UnauthorizedServiceException.java:denied:60 AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:382 AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:245 > 2024-03-29 09:46:31,272 ERROR [org.apereo.cas.web.support.WebUtils] - <Cannot find metadata linked to https://service-provider.com UnauthorizedServiceException.java:denied:60 AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:382 AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:245 > Here is what we have observed: 1. The error occurred within a 5-minute window and has not recurred since. 2. Multiple services were affected during this time, with some metadata files saved locally and others accessed via URLs. 3. Only SAML protocol services were affected; CAS protocol services remained unaffected. Have you experienced similar issue or having an insight about why it happened? Thank you, Ocean -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b44e36ac-07ad-4b93-a344-7c3e061978dfn%40apereo.org.
