Hello,

Just to clarify things : from what I see this code does not handle the proxy ticket granting for cas 3.0 as if I read the docs:
https://apereo.github.io/cas/7.0.x/authentication/Configuring-Proxy-Authentication.html#decrypt-proxy-granting-ticket

"Once the client application has received the proxyGrantingTicket id attribute in the CAS validation response, it can decrypt it via its own private key. Since the attribute is base64 encoded by default, it needs to be decoded first before decryption can occur. Here’s a sample code snippet:"

And I see no part where we could add the private certificate key nor any call to decypher...

Or do I miss something ?