I tried commenting out the encryption and signing keys to let CAS auto generate the keys but still the same issue. I am not setting any key sizes for jpa registry properties.

On retry of SSO login, user is redirected to IDP login screen and after successful login they are redirected to CAS welcome screen with all principal details, seems like it is losing the registered service to redirect to.

Below are my JPA registry properties:

cas.ticket.registry.jpa.driver-class=org.mariadb.jdbc.Driver
cas.ticket.registry.jpa.enabled=true
cas.ticket.registry.jpa.password=***
cas.ticket.registry.jpa.url=jdbc:mariadb://localhost:3306/test
cas.ticket.registry.jpa.user=***
cas.ticket.registry.jpa.ddl-auto=none
cas.ticket.registry.jpa.dialect=org.hibernate.dialect.MariaDBDialect
cas.ticket.registry.jpa.crypto.enabled=true
cas.ticket.registry.jpa.crypto.signing-enabled=true

Also have properties for tgc for which I am setting key-size and alg:

cas.tgc.max-age=-1
cas.tgc.http-only=false
cas.tgc.path=/
cas.tgc.name=CASTGC
cas.tgc.crypto.encryption.key=PqN1lyOIrdCppLN0MaORzkBFDuaS4ytKWmBgRYVhjwI
cas.tgc.crypto.signing.key=4eWRTqk5RCP97v96pY0Ear6HdTX6kYbNoe32k8nEZjRCDFjXoMzQG3zdEg1fsxpEJL9gGHq7AlOkIp2htvn9Eg
cas.tgc.crypto.alg=A256GCM
cas.tgc.crypto.encryption.key-size=256

Thank you,
Gautham

On Wednesday, November 12, 2025 at 1:03:37 PM UTC-6 Ray Bon wrote:

> Gautham,
>
> Check encryption and signing key lengths. Regenerate keys to match the
> expected default lengths (rather than trying to set the lengths).
>
> Ray
> ------------------------------
> *From:* [email protected] <[email protected]> on behalf of gautham jampala <[email protected]>
> *Sent:* November 11, 2025 12:55
> *To:* CAS Community <[email protected]>
> *Subject:* [cas-user] CAS 7.2.7 JPA Ticket Registry issues while encrypting data
>
> Hello,
>
> We enabled JPA Ticket Registry with data encryption and for most part it
> works without issues but for SSO login flow when the user is redirected
> back from their IDP to our CAS, authentication is failing with State cannot
> be determined. When we turn off encryption for the JPA Ticket Registry data
> the user is properly redirected to welcome screen.
>
> Has anyone run into similar issue and is there a work around for this?
>
> Thank you,
> Gautham
>
> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5980b2fc-1152-484a-914d-6199a2bab888n%40apereo.org
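
The key-length check suggested in this thread can be scripted. The following is an added example, not part of the thread and not CAS code: it assumes keys are unpadded base64url strings and that `key-size` counts bits of the decoded key, as in the `cas.tgc` settings quoted above (other CAS cipher settings may use a different unit). The helper names and the sample keys are constructed.

```python
import base64

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample in the shape of the properties quoted in this thread;
# the key values are made up and deliberately include one short key.
SAMPLE = f"""\
cas.ticket.registry.jpa.crypto.enabled=true
cas.ticket.registry.jpa.crypto.signing-enabled=true
cas.tgc.crypto.encryption.key-size=256
cas.tgc.crypto.encryption.key={b64url(bytes(range(32)))}
cas.tgc.crypto.signing.key-size=512
cas.tgc.crypto.signing.key={b64url(bytes(range(16)))}
"""

def parse_properties(text):
    """Read name=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def decoded_bits(key):
    """Bit length of a base64url key after restoring its padding."""
    padded = key + "=" * (-len(key) % 4)
    return len(base64.urlsafe_b64decode(padded)) * 8

def audit_keys(text):
    """Map each crypto key property to a finding about its length."""
    props, report = parse_properties(text), {}
    for name, value in props.items():
        if name.endswith(".crypto.enabled") and value == "true":
            prefix = name[: -len("enabled")]
            for kind in ("encryption", "signing"):
                if f"{prefix}{kind}.key" not in props:
                    report[f"{prefix}{kind}.key"] = "not set (CAS generates one)"
        elif name.endswith((".encryption.key", ".signing.key")):
            bits = decoded_bits(value)
            declared = props.get(name + "-size")
            if declared is None:
                report[name] = f"{bits} bits, no key-size declared"
            elif int(declared) == bits:
                report[name] = f"{bits} bits, matches key-size"
            else:
                report[name] = f"{bits} bits, key-size says {declared}"
    return report

if __name__ == "__main__":
    for prop, finding in audit_keys(SAMPLE).items():
        print(prop, "->", finding)
```

Run it against a copy of `cas.properties` by passing the file contents to `audit_keys`; the report contains lengths and property names only, never the key values.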
