Post CAS 7.1.1 OAuth20TicketGrantingTicketAwareSecurityLogic not finding the ticket

[Rein R]

Hi, We are having CAS as OAuth client and then delegating authentication with SAML2 through 3rd party. Now after version 7.1.1 the login is still seemingly successful but redirects now back to CAS login page instead of a 3rd party site which it did before.

I noticed that we now get this in the logs:

DEBUG org.apereo.cas.support.oauth.web.OAuth20TicketGrantingTicketAwareSecurityLogic - No ticket-granting ticket => No user profiles found

Then debugged and found that this change broke it for us:

https://github.com/apereo/cas/commit/6d904540aa70363b301b8690814b57f043972fee

More exactly removal of this part:

if (ticketGrantingTicket == null && !ticketGrantingTicketCookieGenerator.containsCookie(request)) {

try {

ticketGrantingTicket = manager.getProfile()

.map(profile -> profile.getAttribute(TicketGrantingTicket.class.getName()))

.map(ticketId -> ticketRegistry.getTicket(ticketId.toString(), TicketGrantingTicket.class))

.orElse(null);

} catch (final Exception e) {

LOGGER.trace("Cannot find active ticket-granting ticket: [{}]", e.getMessage());

}

}

return ticketGrantingTicket;

There still is this CookieUtils but it seems our configuration does not find the ticket from this:

CookieUtils.getTicketGrantingTicketFromRequest(

ticketGrantingTicketCookieGenerator, ticketRegistry, request);

Commit message says "do not rely on profile mgmr to fetch tgt" and so I'm thinking maybe we have wrong configuration as this CookieUtils doesn't find the ticket? And to be clear that "ticketRegistry" with "manager.getProfile()" does find it but is no longer in the code.

Thank you.