Hi Baron, > ... shared session mechanism ... I agree with Travis, without shared session some function (e.g. OAuth, pac4j...) of CAS might not work properly.
To verified that shared session might or might not be a problem, *try minimize your cluster to only a single node*, if that worked, then it will likely be the problem of shared session. > Debug log The problem is definitely not in [/oauth2.0/callbackAuthorize], it is in the validation of CAS ticket. Other might have a better idea, I am not too familiar with CAS ticket and how that is validated. > while we have medium to longer term plans to upgrade to 5.3, upgrading from 5.0 is not an option in the short term Well if you have a development environment, then it might worth your time to check it out, if all the other methods failed that is. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/355c4281-e2cc-4af2-bd50-e22df4e76eb3%40apereo.org.