objects not available in conversation scope, delegated authN?
48 views
Skip to first unread message
Yan Zhou
Oct 7, 2025, 7:17:39 PM (13 days ago) Oct 7
to CAS Community
HI there,
I am using CAS 7.2.5 overlay, delegated authN via SAML. CAS delegates to external IdP.
Via some debug code, i noticed that the conversation Id in DelegatedClientAuthenticationWebflowStateContributor shows as Null, as part of "clientredirect" flow.
Even though login and clientredirect flows are two separate flows, but they are in the same conversation, I do Not understand why it shows Null for the 2nd part and object Not available.
As seen below in DelegatedClientAuthenticationDynamicDiscoveryExecutionAction, I store some value in flow's conversation scope (part of "login" flow), BEFORE user gets redirected to external IdP, I expect the objects are available in the same conversation, but I find it is Null in DelegatedClientAuthenticationWebflowStateContributor.
Via some debug code, i noticed that the conversation Id in DelegatedClientAuthenticationWebflowStateContributor shows as Null, as part of "clientredirect" flow.
Even though login and clientredirect flows are two separate flows, but they are in the same conversation, I do Not understand why it shows Null for the 2nd part and object Not available.
thx!
public class MyDelegatedClientAuthenticationDynamicDiscoveryExecutionAction extends DelegatedClientAuthenticationDynamicDiscoveryExecutionAction {
protected Event doExecuteInternal(final RequestContext requestContext) {
..........
testflow(requestContext);
..........
private void testflow (final RequestContext requestContext) {
// Debug conversation information
LOGGER.info("=== DISCOVERY ACTION START ===");
LOGGER.info("Conversation ID: {}", requestContext.getFlowExecutionContext().getKey());
LOGGER.info("Flow ID: {}", requestContext.getActiveFlow().getId());
LOGGER.info("Current State: {}", requestContext.getCurrentState().getId());
public class MyDelegatedClientAuthenticationWebflowStateContributor extends DefaultDelegatedClientAuthenticationWebflowStateContributor {
@Override
public Map<String, Serializable> store(final RequestContext requestContext, final WebContext webContext,
final Client client) throws Throwable {
testflow(requestContext, webContext);
....................
public void testflow(final RequestContext requestContext, final WebContext webContext) {
LOGGER.info("=== STATE CONTRIBUTOR STORE START ===");
LOGGER.info("Conversation ID: {}", requestContext.getFlowExecutionContext().getKey());
LOGGER.info("Flow ID: {}", requestContext.getActiveFlow().getId());
LOGGER.info("Current State: {}", requestContext.getCurrentState().getId());
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <=== STATE CONTRIBUTOR STORE START ===>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Conversation ID: null>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Flow ID: clientredirect>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Current State: delegatedAuthenticationStoreWebflowState>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Flow scope object: null>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Conversation scope object: null>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Request scope object: null>
public class MyDelegatedClientAuthenticationDynamicDiscoveryExecutionAction extends DelegatedClientAuthenticationDynamicDiscoveryExecutionAction {
protected Event doExecuteInternal(final RequestContext requestContext) {
..........
testflow(requestContext);
..........
private void testflow (final RequestContext requestContext) {
// Debug conversation information
LOGGER.info("=== DISCOVERY ACTION START ===");
LOGGER.info("Conversation ID: {}", requestContext.getFlowExecutionContext().getKey());
LOGGER.info("Flow ID: {}", requestContext.getActiveFlow().getId());
LOGGER.info("Current State: {}", requestContext.getCurrentState().getId());
public class MyDelegatedClientAuthenticationWebflowStateContributor extends DefaultDelegatedClientAuthenticationWebflowStateContributor {
@Override
public Map<String, Serializable> store(final RequestContext requestContext, final WebContext webContext,
final Client client) throws Throwable {
testflow(requestContext, webContext);
....................
public void testflow(final RequestContext requestContext, final WebContext webContext) {
LOGGER.info("=== STATE CONTRIBUTOR STORE START ===");
LOGGER.info("Conversation ID: {}", requestContext.getFlowExecutionContext().getKey());
LOGGER.info("Flow ID: {}", requestContext.getActiveFlow().getId());
LOGGER.info("Current State: {}", requestContext.getCurrentState().getId());
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <=== STATE CONTRIBUTOR STORE START ===>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Conversation ID: null>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Flow ID: clientredirect>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Current State: delegatedAuthenticationStoreWebflowState>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Flow scope object: null>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Conversation scope object: null>
2025-10-07 15:59:26,001 INFO [tomcat-handler-8] [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] - <Request scope object: null>
Ray Bon
Oct 8, 2025, 2:22:05 PM (12 days ago) Oct 8
to cas-...@apereo.org
Do you have the session replication cookies set [1]
cas.authn.pac4j.core.session-replication.cookie.crypto
Ray
From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Yan Zhou <yana...@gmail.com>
Sent: October 7, 2025 13:14
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] objects not available in conversation scope, delegated authN?
Sent: October 7, 2025 13:14
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] objects not available in conversation scope, delegated authN?
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/440520fd-bc8e-43ab-bf98-e351f160c45bn%40apereo.org.
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/440520fd-bc8e-43ab-bf98-e351f160c45bn%40apereo.org.
Yan Zhou
Oct 13, 2025, 4:28:16 PM (7 days ago) Oct 13
to CAS Community, Ray Bon
This is a single instance of CAS running on my laptop, why would there be a need to replicate session?
login and clientredirect flows are two separate flows, but they are in the same conversation, the object should be available in the conversation state, correct (there is only one instance of CAS running)?
Yan
Yan Zhou
Oct 15, 2025, 5:50:58 PM (5 days ago) Oct 15
to CAS Community, Yan Zhou, Ray Bon
I tried that, generating key size 512, but made no difference.
cas.authn.pac4j.core.sessionReplication.cookie.crypto.signing.key=g5u4yeZbOwCMk....JkqKFrg
cas.authn.pac4j.core.sessionReplication.cookie.crypto.encryption.key=VqK-ZHme.........81nQ0w
cas.authn.oauth.session-replication.cookie.crypto.signing.key=AAjPvP.....fxobGSOjqGOnCIw
cas.authn.oauth.session-replication.cookie.crypto.encryption.key=1LruW5k......LXBmow
as I place object in
DelegatedClientAuthenticationDynamicDiscoveryExecutionAction, I cannot get it from DelegatedClientAuthenticationWebflowStateContributor, because it does Not look like it is in conversation.
2025-10-15 15:47:37,809 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <=== DISCOVERY ACTION START ===>
2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Conversation ID: c8886eb6-dfe7-.....dTdzOXhKSUY5V0tieGZB>
2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Flow ID: login>
2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Current State: delegatedAuthenticationProviderDiscoveryExecution>
2025-10-15 15:47:43,324 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Stored QuestDelegatedAuthenticationContext - CAS username [...]>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <=== STATE CONTRIBUTOR STORE START ===>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Conversation ID: null>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Flow ID: clientredirect>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Current State: delegatedAuthenticationStoreWebflowState>
2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Conversation ID: c8886eb6-dfe7-.....dTdzOXhKSUY5V0tieGZB>
2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Flow ID: login>
2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Current State: delegatedAuthenticationProviderDiscoveryExecution>
2025-10-15 15:47:43,324 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Stored QuestDelegatedAuthenticationContext - CAS username [...]>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <=== STATE CONTRIBUTOR STORE START ===>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Conversation ID: null>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Flow ID: clientredirect>
2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Current State: delegatedAuthenticationStoreWebflowState>
Reply all
Reply to author
Forward
0 new messages