Hi,
I've just discovered an error present since CAS 6.5.0, maybe it also relates to your problem:
It seems like by accident, in
this commit, a call to
enforceRegisteredServiceAccess() was removed from the
grantServiceTicket() method (while being left in the other methods), which leads to
NullPointerException from
ensureServiceSsoAccessIsAllowed() (and 500 Internal Server Error) when an
authenticated client asks for a service
which is not registered.
So maybe you've got problem in registering / matching service successfully, seeing this error as a result? Even though you write "before user authentication", so you say your flow is different?
I wonder if CAS authors can fix this themselves, or is it better to create a PR for this seemingly trivial fix (i.e. put back the removed line) ourselves?