[cas-dev] URL encoding of service parameter in CAS redirection
Scott Battaglia
scott.battaglia at gmail.com
Thu Nov 29 22:39:36 EST 2007
According to my calculations (okay, Java's URLEncoder's calculations), your
original request to CAS should have looked something like this:
https://test-cas.trimble.com/cas/login?service=<https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp>
http%3A%2F%2Ftestpartners.trimble.com%2Fcasme.asp%3FHome%3D%252Fframe%252Easp
I would check the thing that is encoding the service URL before redirecting
to CAS. It appears its not completely encoding the URL (again this is from
my very quick calculations as I'm working on some homework right now ;-))
-Scott
On Nov 29, 2007 10:21 PM, dale77 <Dale.Ogilvie at trimble.co.nz> wrote:
>
> I think that CAS is not url encoding the service url on the redirection
> after
> a successful login. Here is the traffic from my test:
>
> GET /casme.asp?Home=%2Fframe%2Easp HTTP/1.1
> Location:
>
> https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp
>
> The redirection coming back from cas after logging in looks like this
> (wireshark dump):
>
> GET /casme.asp?Home=/frame.asp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN HTTP/1.1
>
> In my opinion it should come back from CAS as:
>
> GET /casme.asp?Home=%2Fframe%2Easp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN
> HTTP/1.1
>
> Is this a minor bug in CAS 3.1.1?
>
> Thanks
>
> Dale
> --
> View this message in context:
> http://www.nabble.com/URL-encoding-of-service-parameter-in-CAS-redirection-tf4901395.html#a14039991
> Sent from the CAS Dev mailing list archive at Nabble.com.
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20071129/144cf4a2/attachment.html
More information about the cas-dev
mailing list