We recently upgraded our CAS servers from 6.6.x to 7.3.3, and we're seeing some unusual behavior that didn't happen before.
Our setup is two CAS nodes with tickets distributed via Hazelcast and services stored in LDAP, and we do use Shibcas to allow us to use CAS as the frontend for our Shibboleth IdPs. Shibcas is configured with the default shibcas.entityIdLocation value (append), and it has been set up like this for as long as we've used it. Sometimes on our production servers since the upgrade (not all the time, maybe 1 out of every 10 attempts, and it comes from all potential entityIds), the user ends up getting a 500 error from CAS upon referral from the IdPs: 2026-02-20 10:42:06,727 ERROR [org.apereo.cas.web.support.filters.AbstractSecurityFilter] - <jakarta.servlet.ServletException: This request is blocked: Parameter [entityId] had multiple values [[google.com/a/case.edu?service=https://login.case.edu/idp/Authn/External?conversation=e1s2, google.com/a/case.edu]] but at most one value is allowable. AbstractSecurityFilter.java:throwException:42 AbstractSecurityFilter.java:throwException:26 RequestParameterPolicyEnforcementFilter.java:doFilter:390 ApplicationFilterChain.java:doFilter:107 Has anyone else seen something like this before? Thanks, Sam -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CADzXezbqL3nN%3DHxM1HyRprm2dH9ruZjbL-fk4g8XquEKvuMuBg%40mail.gmail.com.
