SAML IdP metadata initialization fails to recover from partially generated metadata

Atin Agarwal

Feb 23, 2026, 1:17:37 AM
to CAS Community
We are observing a recovery issue related to SAML IdP metadata initialization when using Apereo CAS.

Apereo CAS is skipping SAML IdP metadata generation if the metadata directory already exists.

In some scenarios we observed that:
  1. CAS starts
  2. Metadata generation begins
  3. An unknown failure occurs during file creation
  4. The metadata directory remains partially populated

On subsequent startup:

  1. CAS detects that the directory exists
  2. CAS does not attempt regeneration
  3. Missing files (e.g., idp-signing.crt) are not recreated
  4. CAS startup fails
  5. Pod enters restart loop

In our case, because the directory is mounted on persistent storage (Gluster fs), it is not cleared between pod restarts. Therefore, the system remains in a permanently broken state unless manual intervention occurs (deleting metadata files).

Is it a known issue?
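An added example, not part of the original post and not CAS code: a pre-start check (for instance in an init container) that classifies the metadata directory as absent, partial or complete, and moves a partial set aside instead of deleting it. The function names and every file name other than idp-signing.crt are assumptions.

```shell
#!/bin/sh
# Added example (not CAS code). ASSUMPTION: the expected file names below; only
# idp-signing.crt is named in the post. Adjust the list to your deployment.
SAML_EXPECTED_FILES="idp-metadata.xml idp-signing.crt idp-signing.key idp-encryption.crt idp-encryption.key"

# Print "absent", "partial" or "complete" for the metadata directory $1.
# A zero-byte file counts as unusable: an interrupted write can leave one behind.
saml_metadata_state() {
    dir=$1; exists=0; usable=0; total=0
    for f in $SAML_EXPECTED_FILES; do
        total=$((total + 1))
        if [ -e "$dir/$f" ]; then exists=$((exists + 1)); fi
        if [ -s "$dir/$f" ]; then usable=$((usable + 1)); fi
    done
    if [ "$exists" -eq 0 ]; then echo absent
    elif [ "$usable" -eq "$total" ]; then echo complete
    else echo partial
    fi
}

# Move the expected files that exist from $1 into quarantine directory $2, but
# only when the state is "partial", so a complete key set is never touched.
# Returns 0 if files were moved, 1 if nothing needed doing, 2 on error.
quarantine_partial_metadata() {
    src=$1; qdir=$2
    [ "$(saml_metadata_state "$src")" = partial ] || return 1
    mkdir -p "$qdir" || return 2
    chmod 700 "$qdir" || return 2   # the quarantine may hold private keys
    for f in $SAML_EXPECTED_FILES; do
        if [ -e "$src/$f" ]; then
            mv "$src/$f" "$qdir/$f" || return 2
        fi
    done
    return 0
}

# Report the state when a directory is passed as the first argument.
if [ -n "${1:-}" ]; then
    echo "SAML IdP metadata state for $1: $(saml_metadata_state "$1")"
fi
```

Newly generated metadata carries new signing and encryption certificates, so service providers that imported the earlier certificates need the updated metadata; the quarantined copies show what was previously on disk.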