Jérôme would know best, but I think OAuth support in CAS requires some sort of sticky session or session replication. Certain parameters are stored in the web session prior to redirects and retrieved afterwards, and the session is obviously local. This seems like something that can be improved further.

From: [email protected] [mailto:[email protected]] On Behalf Of Shailesh Deshpande
Sent: Friday, February 19, 2016 2:42 PM
To: CAS Community <[email protected]>
Subject: [cas-user] oauth20_callbackUrl is missing from the session and can not be retrieved

I am using Apereo Central Authentication Service <http://www.apereo.org/cas> version 4.1.4. I have configured two Tomcat servers in the cluster. Both servers have CAS OAuth 2.0 support enabled. In order to test, I have a sample OAuth 2.0 client which is requesting access through my server. I am using Hazelcast for the Service Registry.

The server responds correctly without server clustering. However, when two servers are running, the callbackAuthorize method fails with the error "oauth20_callbackUrl is missing from the session and can not be retrieved". Please review the logs without and with clustering below.

The CAS documentation does not ask for session replication across the servers. So is there something that I am missing? I would really appreciate it if someone could help me resolve this immediately.

###### Debug log with clustering on ##########
[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.BaseOAuthWrapperController debug - method : callbackAuthorize
[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - ticket : null
[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : null
[ERROR] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController error - oauth20_callbackUrl is missing from the session and can not be retrieved.

###### Debug log with clustering OFF ##########
[DEBUG] 2016-02-19 16:24:54,538 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.BaseOAuthWrapperController debug - method : callbackAuthorize
[DEBUG] 2016-02-19 16:24:54,539 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - ticket : ST-8-ZCQEDMoSFN63RmZOXB5P-qual.cas.laureate.net
[DEBUG] 2016-02-19 16:24:54,539 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : https://qual.cas.laureate.net/OAuth2TestApp/oauth2callback
[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_state : null
[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : https://qual.cas.laureate.net/OAuth2TestApp/oauth2callback?code=ST-8-ZCQEDMoSFN63RmZOXB5P-qual.cas.laureate.net
[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - bypassApprovalPrompt : false
[DEBUG] 2016-02-19 16:24:54,541 [http-nio-8080-exec-6] [] org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController debug - serviceName : SampleOauthClient

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
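
An added example (not part of the original thread, and not CAS code): Python that groups debug lines in the layout quoted above into one record per callbackAuthorize request and reports the requests that arrived with no oauth20_callbackUrl in the session, which the reply above attributes to the web session being local to one node. The sample lines, hostname and ticket value are constructed.

```python
import re

# Layout of the CAS debug lines quoted in the thread:
# [LEVEL] date time,ms [thread] [] logger level - message
LINE_RE = re.compile(
    r"^\[[A-Z]+\]\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+"
    r"\[(?P<thread>[^\]]+)\]\s+\[[^\]]*\]\s+\S+\s+\w+\s+-\s+(?P<msg>.*)$"
)
KV_RE = re.compile(r"^(?P<key>\w+) : (?P<value>.*)$")

# Constructed sample input: hostname and ticket are placeholders.
P = "org.jasig.cas.support.oauth.web."
SAMPLE = [
    f"[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] {P}BaseOAuthWrapperController debug - method : callbackAuthorize",
    f"[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] {P}OAuth20CallbackAuthorizeController debug - ticket : null",
    f"[DEBUG] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] {P}OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : null",
    f"[ERROR] 2016-02-19 16:23:39,626 [http-nio-8080-exec-3] [] {P}OAuth20CallbackAuthorizeController error - oauth20_callbackUrl is missing from the session and can not be retrieved.",
    f"[DEBUG] 2016-02-19 16:24:54,538 [http-nio-8080-exec-6] [] {P}BaseOAuthWrapperController debug - method : callbackAuthorize",
    f"[DEBUG] 2016-02-19 16:24:54,539 [http-nio-8080-exec-6] [] {P}OAuth20CallbackAuthorizeController debug - ticket : ST-1-PLACEHOLDER",
    f"[DEBUG] 2016-02-19 16:24:54,539 [http-nio-8080-exec-6] [] {P}OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : https://cas.example.org/app/oauth2callback",
    f"[DEBUG] 2016-02-19 16:24:54,540 [http-nio-8080-exec-6] [] {P}OAuth20CallbackAuthorizeController debug - oauth20_callbackUrl : https://cas.example.org/app/oauth2callback?code=ST-1-PLACEHOLDER",
]

def callback_requests(lines):
    """Group 'key : value' debug lines into one record per callbackAuthorize request."""
    open_by_thread, requests = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        kv = KV_RE.match(m["msg"]) if m else None
        if not kv:
            continue  # unparseable line or free-text message (e.g. the ERROR line)
        key, value = kv["key"], kv["value"].strip()
        if key == "method":
            # A 'method' line starts a new request on this worker thread.
            open_by_thread.pop(m["thread"], None)
            if value == "callbackAuthorize":
                req = {"ts": m["ts"], "thread": m["thread"], "fields": {}}
                open_by_thread[m["thread"]] = req
                requests.append(req)
        elif m["thread"] in open_by_thread:
            # Keep the first value logged: the URL is logged again with ?code= appended.
            open_by_thread[m["thread"]]["fields"].setdefault(key, value)
    return requests

def lost_session_requests(lines):
    """Requests whose session held no oauth20_callbackUrl when the callback arrived."""
    return [r for r in callback_requests(lines)
            if r["fields"].get("oauth20_callbackUrl") == "null"]

if __name__ == "__main__":
    for r in lost_session_requests(SAMPLE):
        print(r["ts"], r["thread"], "callback arrived without session state")
```

Run against each node's log separately, a count of such requests that drops to zero when only one node is serving points at session affinity rather than at the client or service registration.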
