OAuth doesn't work since version 6.6.6

62 views
Skip to first unread message

M. Ebrahimi

unread,
Apr 3, 2023, 8:23:25 AM4/3/23
to CAS Community

Hello

I recently updated CAS from 6.6.4 to 6.6.6 and found that it is not possible to log in with OAuth.

This problem also exists in version 6.6.7.

The error that occurs when entering is as follows:

ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse [{"@class":"org.apereo.cas.ticket.code.OAuth20DefaultCode","@id":1,"expirationPolicy":{"@class":"org.apereo.cas.ticket.code...] to deserialize into type [class org.apereo.cas.ticket.code.OAuth20DefaultCode]. This may be caused in the absence of a configuration/support module that knows how to interpret the fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Cannot construct instance of `org.apereo.cas.validation.ImmutableAssertion` (no Creators, like default constructor, exist): cannot deserialize from Object value (no delegate- or property-based Creator)

I think this problem is related to these changes:

https://github.com/apereo/cas/commit/168229396375e1b9174b68fa362a36321d6ffbe9#diff-5221bf1d5f9d971f9b0fbec9775920e52bd2266c2ab9dfaff32ee0430d46f2cc

M. Ebrahimi

unread,
Apr 4, 2023, 7:52:55 AM4/4/23
to CAS Community, M. Ebrahimi
We use MongoDB 5.0 for ticket registry and there seems to be no problem with default (in-memory) ticket registry.

M. Ebrahimi

unread,
Apr 10, 2023, 9:39:08 AM4/10/23
to CAS Community, M. Ebrahimi
For reference I had to change the ImmutableAssertion class to the following to fix this error:

@ToString
-- @RequiredArgsConstructor
@EqualsAndHashCode
@Getter
public class ImmutableAssertion implements Assertion {

    private static final long serialVersionUID = -3348826049921010423L;

++    @JsonCreator
++    public ImmutableAssertion(@JsonProperty("primaryAuthentication") Authentication primaryAuthentication,
++                              @JsonProperty("originalAuthentication") Authentication originalAuthentication,
++                              @JsonProperty("chainedAuthentications") List<Authentication> chainedAuthentications,
++                              @JsonProperty("fromNewLogin") boolean fromNewLogin,
++                              @JsonProperty("service") WebApplicationService service,
++                              @JsonProperty("registeredService") RegisteredService registeredService,
++                              @JsonProperty("context") Map<String, Serializable> context) {
++        this.primaryAuthentication = primaryAuthentication;
++        this.originalAuthentication = originalAuthentication;
++        this.chainedAuthentications = chainedAuthentications;
++        this.fromNewLogin = fromNewLogin;
++        this.service = service;
++        this.registeredService = registeredService;
++        this.context = context;
++    }

    /**
     * Primary authentication.
     */
    private final @NonNull Authentication primaryAuthentication;



Apparently there is a problem like below between Lombok and Jackson:
Reply all
Reply to author
Forward
0 new messages