I already asked this quesiton on StackOverflow: https://stackoverflow.com/questions/53891335/jasperreports-server-community-edition-7-1-0-cas-authenticaton-deletes-roles-on and got 0 responses so far. I have successfully enabled CAS authentication according to the docuemtation at: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/configuring-jasperreports-server-cas I have also read the Synchronization of Roles documentation at least ten times and I am still confused: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/synchronization-roles Why in the world is the Jasper Reports Server deleting internal roles assigned to external users? It seems that once a user gets created via CAS authentication the administrator should be able to grant that user internal roles. However, no matter what I do assigned internal roles get removed every time the user logs in. What is surprising is that when using the file: applicationContext-externalAuth-CAS.xml ... <bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor"> <!--Default permitted role characters; others are removed. Change regular expression to allow other chars. <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>--> <property name="userAuthorityService"> <ref bean="${bean.internalUserAuthorityService}"/> </property> <property name="defaultInternalRoles"> <list> <value>ROLE_USER</value> </list> </property> <property name="externalAuthProperties" > <ref local="externalAuthProperties"/> </property> </bean>... [/code]the server creates a "ROLE_USER_EXT" which makes sense according to the documentation and assigns that role as well as the "ROLE_USER" to anyone who successfully authenticates via CAS. Once EVERY OTHER logout the server removes the ROLE_USER but leaves the ROLE_USER_EXT intact so during every other login users get the message: "You do not have permission to view this page." This should not be this difficult. I have configured at least 20 other apps to use CAS authentication and it has been smooth. This app has me baffled.
