CAS proxy validation failure - Configured TLS trust engine was not used
cantor.2 at osu.edu
Mon Aug 17 19:59:41 UTC 2020
Just to rule it out...is there any chance you set idp.httpclient.connectionDisregardTLSCertificate to true inside services.properties?
I think that field is being left defaulted in the CAS wiring of the internal client and it would default to the property value. I don't know what happens if that's combined with some of the other behavior.
I think that it needs to be hardwired to false and isn't right now.
More information about the users