[cas-dev] URL encoding of service parameter in CAS redirection
dale77
Dale.Ogilvie at trimble.co.nz
Thu Nov 29 22:21:13 EST 2007
I think that CAS is not url encoding the service url on the redirection after
a successful login. Here is the traffic from my test:
GET /casme.asp?Home=%2Fframe%2Easp HTTP/1.1
Location:
https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp
The redirection coming back from cas after logging in looks like this
(wireshark dump):
GET /casme.asp?Home=/frame.asp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN HTTP/1.1
In my opinion it should come back from CAS as:
GET /casme.asp?Home=%2Fframe%2Easp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN
HTTP/1.1
Is this a minor bug in CAS 3.1.1?
Thanks
Dale
--
View this message in context: http://www.nabble.com/URL-encoding-of-service-parameter-in-CAS-redirection-tf4901395.html#a14039991
Sent from the CAS Dev mailing list archive at Nabble.com.
More information about the cas-dev
mailing list