WSFederation and OpenId Connect incompatibility

Jérôme Rautureau

Mar 29, 2026, 11:50:29 AM
to CAS Community
Hello guys,

I am on the CAS 7.3.5 docker image version.

I have just activated the ws federation by adding implementation "org.apereo.cas:cas-server-support-ws-sts:${project.'cas.version'}" to my Gradle file and configuring it with the appropriate properties. I do have the correct working ws endpoint on /cas/ws/idp/metadata.

But now I have issues with previously registered org.apereo.cas.services.OidcRegisteredService services (OIDC classic service).

I don't know why, but CAS fails with this error:

cas-cas-server_ssoagents.2.j0tf9wms9bqw@api-09-prd    | {"@timestamp":"2026-03-27T16:20:58.018Z","log.level":"ERROR","message":"java.net.URISyntaxException: Illegal character in scheme name at index 0: ^https://www.domain.tld/.+\n\tUnchecked.java:lambda$static$0:61\n\tUnchecked.java:lambda$supplier$38:1698\n\tFunctionUtils.java:doUnchecked:476\n\tWSFederationAuthenticationServiceSelectionStrategy.java:getRealmAsParameter:40\n", "ecs.version": "1.2.0","service.name":"auth-cas7","service.environment":"prod","event.dataset":"auth-cas7","process.thread.name":"tomcat-handler-3188","log.logger":"org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController"

My org.apereo.cas.services.OidcRegisteredService service definition is a regex and fails on the "^" character, whereas without the ws module it works perfectly (I have regexps with | or  characters). I had to simplify my service definition and use a correct syntax for the java.net URI, and now it's working with the module.

I'm now using: serviceId: https://www.domain.tld/xxxx/signin-oidc (no regexp...).

But I have a lot of other service definitions with regex ^ and | characters. I can't do that on all my definitions. I have a regexp which catches 50 APIs and 10 domains... I definitely can't split them into 500 service definitions without regexp...

Thanks for your help.  



--
Jérôme Rautureau
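
A minimal reproduction of the parse failure in the log above, added as an example (not part of the original post and not CAS code): it feeds serviceId values to java.net.URI, the class that raised the exception, and lists the ones that are valid regexes but not valid URIs. The class name ServiceIdUriAudit and all sample values except the two quoted in the post are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical helper: audits serviceId strings outside of CAS.
public class ServiceIdUriAudit {

    /** Returns null when the value parses as a java.net.URI, else the parser's message. */
    static String uriParseError(String serviceId) {
        try {
            new URI(serviceId);
            return null;
        } catch (URISyntaxException e) {
            return e.getMessage();
        }
    }

    /** Maps each serviceId that compiles as a regex but is rejected by java.net.URI to the reason. */
    static Map<String, String> audit(List<String> serviceIds) {
        Map<String, String> failures = new LinkedHashMap<>();
        for (String id : serviceIds) {
            Pattern.compile(id); // throws PatternSyntaxException if the regex itself is broken
            String error = uriParseError(id);
            if (error != null) {
                failures.put(id, error);
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        // Constructed sample values; the first two are the ones quoted in the post.
        List<String> serviceIds = List.of(
            "^https://www.domain.tld/.+",              // anchored regex: '^' is not a legal scheme character
            "https://www.domain.tld/xxxx/signin-oidc", // plain URL
            "https://(www|api)\\.domain\\.tld/.*",     // alternation: '|' and '\' are illegal in a URI
            "https://www.domain.tld/.+");              // regex whose characters are all legal in a URI path

        audit(serviceIds).forEach((id, error) ->
            System.out.println("regex OK, URI parse fails: " + id + " -> " + error));
    }
}
```

Running the same audit over the serviceId values exported from a service registry shows how many definitions would hit the URI parse seen in the stack trace.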