I tried that, generating key size 512, but made no difference. cas.authn.pac4j.core.sessionReplication.cookie.crypto.signing.key= g5u4yeZbOwCMk....JkqKFrg cas.authn.pac4j.core.sessionReplication.cookie.crypto.encryption.key= VqK-ZHme.........81nQ0w cas.authn.oauth.session-replication.cookie.crypto.signing.key= AAjPvP.....fxobGSOjqGOnCIw cas.authn.oauth.session-replication.cookie.crypto.encryption.key= 1LruW5k......LXBmow
as I place object in DelegatedClientAuthenticationDynamicDiscoveryExecutionAction, I cannot get it from DelegatedClientAuthenticationWebflowStateContributor, because it does Not look like it is in conversation. 2025-10-15 15:47:37,809 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <=== DISCOVERY ACTION START ===> 2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Conversation ID: c8886eb6-dfe7-.....dTdzOXhKSUY5V0tieGZB> 2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Flow ID: login> 2025-10-15 15:47:37,810 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Current State: delegatedAuthenticationProviderDiscoveryExecution> 2025-10-15 15:47:43,324 INFO [tomcat-handler-12] [org.apereo.cas.web.flow.actions.QuestDelegatedClientAuthenticationDynamicDiscoveryExecutionAction] - <Stored QuestDelegatedAuthenticationContext - CAS username [...]> 2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <=== STATE CONTRIBUTOR STORE START ===> 2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Conversation ID: null> 2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Flow ID: clientredirect> 2025-10-15 15:47:51,818 INFO [tomcat-handler-13] [org.apereo.cas.web.flow.QuestDelegatedClientAuthenticationWebflowStateContributor] - <Current State: delegatedAuthenticationStoreWebflowState> On Monday, October 13, 2025 at 4:28:16 PM UTC-4 Yan Zhou wrote: > This is a single instance of CAS running on my laptop, why would there be > a need to replicate session? > > login and clientredirect flows are two separate flows, but they are in the > same conversation, the object should be available in the conversation > state, correct (there is only one instance of CAS running)? > > Yan > > On Wednesday, October 8, 2025 at 2:22:05 PM UTC-4 Ray Bon wrote: > >> Do you have the session replication cookies set [1] >> cas.authn.pac4j.core.session-replication.cookie.crypto >> >> Ray >> [1] >> https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html >> ------------------------------ >> *From:* [email protected] <[email protected]> on behalf of Yan Zhou < >> [email protected]> >> *Sent:* October 7, 2025 13:14 >> *To:* CAS Community <[email protected]> >> *Subject:* [cas-user] objects not available in conversation scope, >> delegated authN? >> >> HI there, >> >> I am using CAS 7.2.5 overlay, delegated authN via SAML. CAS delegates >> to external IdP. >> >> As seen below in >> DelegatedClientAuthenticationDynamicDiscoveryExecutionAction, I store some >> value in flow's conversation scope (part of "login" flow), BEFORE user gets >> redirected to external IdP, I expect the objects are available in the same >> conversation, but I find it is Null in >> DelegatedClientAuthenticationWebflowStateContributor. >> >> Via some debug code, i noticed that the conversation Id in >> DelegatedClientAuthenticationWebflowStateContributor shows as Null, as part >> of "clientredirect" flow. >> >> Even though login and clientredirect flows are two separate flows, but >> they are in the same conversation, I do Not understand why it shows Null >> for the 2nd part and object Not available. >> >> thx! >> >> public class >> MyDelegatedClientAuthenticationDynamicDiscoveryExecutionAction extends >> DelegatedClientAuthenticationDynamicDiscoveryExecutionAction { >> >> protected Event doExecuteInternal(final RequestContext requestContext) >> { >> .......... >> testflow(requestContext); >> .......... >> >> private void testflow (final RequestContext requestContext) { >> // Debug conversation information >> LOGGER.info("=== DISCOVERY ACTION START ==="); >> LOGGER.info("Conversation ID: {}", >> requestContext.getFlowExecutionContext().getKey()); >> LOGGER.info("Flow ID: {}", >> requestContext.getActiveFlow().getId()); >> LOGGER.info("Current State: {}", >> requestContext.getCurrentState().getId()); >> >> >> >> public class MyDelegatedClientAuthenticationWebflowStateContributor >> extends DefaultDelegatedClientAuthenticationWebflowStateContributor { >> >> @Override >> public Map<String, Serializable> store(final RequestContext >> requestContext, final WebContext webContext, >> final Client client) throws >> Throwable { >> testflow(requestContext, webContext); >> .................... >> >> >> public void testflow(final RequestContext requestContext, final >> WebContext webContext) { >> LOGGER.info("=== STATE CONTRIBUTOR STORE START ==="); >> LOGGER.info("Conversation ID: {}", >> requestContext.getFlowExecutionContext().getKey()); >> LOGGER.info("Flow ID: {}", >> requestContext.getActiveFlow().getId()); >> LOGGER.info("Current State: {}", >> requestContext.getCurrentState().getId()); >> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <=== STATE CONTRIBUTOR STORE START ===> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <Conversation ID: null> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <Flow ID: clientredirect> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <Current State: delegatedAuthenticationStoreWebflowState> >> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <Flow scope object: null> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <Conversation scope object: null> >> 2025-10-07 15:59:26,001 INFO [tomcat-handler-8] >> [org.apereo.cas.web.flow.MyDelegatedClientAuthenticationWebflowStateContributor] >> >> - <Request scope object: null> >> >> -- >> - Website: https://apereo.github.io/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/440520fd-bc8e-43ab-bf98-e351f160c45bn%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/440520fd-bc8e-43ab-bf98-e351f160c45bn%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0f98c04-e2e1-4bee-9191-3b2ed0fc3ecen%40apereo.org.
