CAS 6.3.4 and Shibboleth Entity ID

[Geng, Kelly]

Hi All,

We are in the middle of upgrading CAS from 6.0.4 to 6.3.4. We had Shibboleth integrated so that it authenticates against CAS, documented in here, and we also configured each Shib entityId as a normal service definition so we can configure multi-factor based on the service. We had the following property configured according to the documentation and some prior discussions in this group:

cas.authn.shibIdp.serverUrl=https://shib.ourschool.edu

It has been working for 6.0.4, but after we upgraded to 6.3.4, this property is causing the service ticket validation fail because of the following error in the log:

2021-08-10 05:13:50,875 ERROR [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [ST-2746-m-ri8Vnd-mCpTAfFM1J-kICX7oI-mualcasp26] with service [https://entityId.service.url/shibboleth] does not match supplied service [https://shib.outschool.edu/idp/Authn/External?conversation=e1s1]>

We are able to prove that removing the property from cas.properties fix the issue. We wanted to confirm that the property is no longer needed because of some changes being made on CAS or Shib side. Does anyone know?

Thanks

--

Kelly Geng

Miami University