CAS proxy validation failure - Configured TLS trust engine was not used

[Cantor, Scott]

Just to rule it out...is there any chance you set idp.httpclient.connectionDisregardTLSCertificate to true inside services.properties?

I think that field is being left defaulted in the CAS wiring of the internal client and it would default to the property value. I don't know what happens if that's combined with some of the other behavior.

I think that it needs to be hardwired to false and isn't right now.

-- Scott