Under high concurrent load, an ArrayIndexOutOfBoundsException is thrown from TicketIdentifierGenerationStrategy#generateIdentifier():
Caused by: java.lang.ArrayIndexOutOfBoundsException: 4
at org.bouncycastle.crypto.digests.GeneralDigest.update(Unknown Source)
at org.bouncycastle.crypto.digests.GeneralDigest.update(Unknown Source)
at org.bouncycastle.crypto.prng.drbg.HashSP800DRBG.doHash(Unknown Source)
at org.bouncycastle.crypto.prng.drbg.HashSP800DRBG.hashgen(Unknown Source)
at org.bouncycastle.crypto.prng.drbg.HashSP800DRBG.generate(Unknown Source)
at org.cryptacular.generator.RandomIdGenerator.generate(RandomIdGenerator.java:69)
at net.shibboleth.idp.cas.ticket.TicketIdentifierGenerationStrategy.generateIdentifier(TicketIdentifierGenerationStrategy.java:99)
at net.shibboleth.idp.cas.flow.ValidateProxyCallbackAction.doExecute(ValidateProxyCallbackAction.java:112)
at net.shibboleth.idp.profile.AbstractProfileAction.execute(AbstractProfileAction.java:125
This is a thread-safety issue: the cryptacular RandomIdGenerator component is not thread safe, yet it is accessed concurrently through generateIdentifier calls.
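The failure mode and two ways to guard against it, as an added example that is not code from this report, Shibboleth, cryptacular or Bouncy Castle. `UnsafeGenerator` is a constructed, JDK-only stand-in for a stateful generator with an unsynchronized buffer and offset; the class names, thread count and iteration count are assumptions.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class SharedGeneratorRace {
    /** Constructed stand-in: a generator whose buffer and offset are not guarded. */
    static final class UnsafeGenerator {
        private final byte[] buf = new byte[4];
        private int off;
        private long state = 1;
        String generate() {
            for (int i = 0; i < 64; i++) {
                buf[off++] = (byte) i;          // unsynchronized read-modify-write of off
                if (off == buf.length) {        // a second thread can write at index 4 before this reset
                    for (byte b : buf) state = state * 31 + b;
                    off = 0;
                }
            }
            return Long.toHexString(state);
        }
    }

    /** Calls the supplier from 8 threads and counts calls that threw. */
    static int stress(Supplier<String> gen) throws InterruptedException {
        AtomicInteger failures = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            pool.execute(() -> {
                for (int i = 0; i < 200_000; i++) {
                    try { gen.get(); }
                    catch (ArrayIndexOutOfBoundsException e) { failures.incrementAndGet(); }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return failures.get();
    }

    public static void main(String[] args) throws InterruptedException {
        UnsafeGenerator shared = new UnsafeGenerator();   // one instance, many threads: the reported pattern
        System.out.println("shared, unguarded:    " + stress(shared::generate) + " failed calls");
        UnsafeGenerator guarded = new UnsafeGenerator();  // option 1: serialize access to the shared instance
        Supplier<String> locked = () -> { synchronized (guarded) { return guarded.generate(); } };
        System.out.println("shared, synchronized: " + stress(locked) + " failed calls");
        // Option 2: one instance per thread, no shared mutable state.
        ThreadLocal<UnsafeGenerator> perThread = ThreadLocal.withInitial(UnsafeGenerator::new);
        System.out.println("per-thread instance:  " + stress(() -> perThread.get().generate()) + " failed calls");
    }
}
```

Once the offset in the unguarded instance has skipped past the buffer length, it never resets, so every later call on that instance fails as well. The number of failed calls in the unguarded run therefore varies between runs.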