I managed to resolve this. My issue was that there was a principalAttribute that was too large, and then the ID token was becoming too big and not being set. I turned off the include-id-token-claims property and this fixed the issue..
I wished there was some warning in the logs about the ID token being too big, there was nothing. Em sábado, 28 de setembro de 2024 às 00:49:21 UTC-3, Alcides Moraes escreveu: > I have configured the OIDC Sample app for debugging this. ( > https://github.com/apereo/oidc-sample-java-webapp) > It is working against my 6.6.15 installation with 2 instances. > When upgrading to 7.0.0, it goes into Too Many Redirects Loop, and then > CAS shows this error page: > > CAS is unable to process this request: "500:Internal Server Error" > There was an error trying .... etc etc > Error: INVALID_TICKET > > I deployed it again with only one instance thinking it could be some > session replication / hazelcast issue. > But it still behaves the same. > > Em sexta-feira, 27 de setembro de 2024 às 00:43:29 UTC-3, Alcides Moraes > escreveu: > >> Hello all >> >> I have a very stable CAS 6.6.15.1 running on rancher2/kubernetes, with >> Hazelcast ticket registry and Kubernetes discovery. >> >> When upgrading to 7.0.7, apart from the usual pom version updates and a >> few adjustments to my custom theme, everything seemed to work. >> >> However, OIDC clients cannot authenticate anymore. They either get into >> infinite 302 loops "Too Many Redirects" or they error out on their end. >> With absolute no warning/errors on CAS logs. >> >> There's absolute zero code customizations, all libraries are coming from >> CAS itself. >> >> I have tried updating to 7.1.0, going back to 7.0.0, removing my custom >> theme, nothing fixes it >> >> Any help on how to debug this is appreciated >> > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3b34b721-e5c0-46cd-814e-ff1237e535abn%40apereo.org.
