Preethy, I suggest you move to the latest version 7.2.x or 7.3 [1] You will have to verify configuration properties since some names have changed; and regenerate some keys because minimum key lengths have changed; and update any custom code. Java and tomcat will also have to be upgraded.
You can build with (even if you have custom code): ./gradlew build What kind of build process are you using? It is very possible that the problem you are having has been fixed in the intervening years. [2] Ray Note: you do not need to go through a stepwise upgrade process. [1] https://github.com/apereo/cas-overlay-template [2] https://apereo.github.io/cas/7.3.x/authentication/Azure-ActiveDirectory-Authentication.html ________________________________ From: [email protected] <[email protected]> on behalf of Preethy Venkat <[email protected]> Sent: October 6, 2025 18:09 To: CAS Community <[email protected]> Subject: [cas-user] PKCE Code Verifier Issue on CAS 6.2.8 and Build Failures During Upgrade to 6.4.6 You don't often get email from [email protected]. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Hi CAS Team, We are currently facing an issue with CAS 6.2.8 while integrating with Microsoft Entra ID (Azure AD) for OIDC authentication. The flow fails during PKCE verification with the following error from Azure: AADSTS50148: The code_verifier does not match the code_challenge supplied in the authorization request. We understand that PKCE compliance is improved in later CAS versions, so we attempted to upgrade our deployment to CAS 6.4.6 to align with Microsoft requirements. However, our Gradle-based build pipeline failed repeatedly due to dependency resolution conflicts and version mismatches, preventing a successful build. We would like to raise a ticket to get guidance on the following: - Which CAS version fully supports PKCE for Azure AD integration - Recommended dependency or Gradle configuration adjustments when upgrading from 6.2.8 to 6.4.x or newer Environment: - CAS version: 6.2.8 - Target upgrade version: 6.4.6 - Java: 11 - Spring Boot: 2.2.8.RELEASE - Build Tool: Gradle - Integration: Microsoft Entra ID (Azure AD) We can share sanitized logs or dependency trees if required. Any help or direction from the CAS community would be appreciated. Thanks, Preethy Venkat -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8ba9df2d-3cc8-4cf9-b7d6-3829907e365cn%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/8ba9df2d-3cc8-4cf9-b7d6-3829907e365cn%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB00810B853426F137F64F0C26CEE0A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
