[cas-dev] URL encoding of service parameter in CAS redirection
Dale Ogilvie
Dale.Ogilvie at trimble.co.nz
Thu Nov 29 23:49:08 EST 2007
OK, I'll admit it is fairly likely that the client's construction of the
url for redirection to CAS is doing some interesting encoding here. :-)
Here's my latest efforts:
Original service url, with the Home parameter as encoded by microsoft's
server.URLEncoder:
GET /casme.asp?Home=%2Fframe%2Easp HTTP/1.1
Redirection url, as constructed by yours truly, again using
server.URLEncoder:
https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners
%2Etrimble%2Ecom%2Fcasme%2Easp%3FHome%3D%2Fframe%2Easp
Redirection url, as requested by the browser in response to CAS's
redirection:
GET /casme.asp?Home=/frame.asp&ticket=ST-176-OW9neWkceRTXoZFdABiB
Even in java land where "." chars are left alone, shouldn't that last
url be:
GET /casme.asp?Home=%2Fframe.asp&ticket=ST-176-OW9neWkceRTXoZFdABiB
Please excuse me, I've been dealing with VB-Script all day...
________________________________
From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: Friday, 30 November 2007 4:40 p.m.
To: Mailing list for CAS developers
Subject: Re: [cas-dev] URL encoding of service parameter in CAS
redirection
According to my calculations (okay, Java's URLEncoder's calculations),
your original request to CAS should have looked something like this:
https://test-cas.trimble.com/cas/login?service=
<https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartner
s%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp>
http%3A%2F%2Ftestpartners.trimble.com%2Fcasme.asp%3FHome%3D%252Fframe%25
2Easp
I would check the thing that is encoding the service URL before
redirecting to CAS. It appears its not completely encoding the URL
(again this is from my very quick calculations as I'm working on some
homework right now ;-))
-Scott
On Nov 29, 2007 10:21 PM, dale77 <Dale.Ogilvie at trimble.co.nz> wrote:
I think that CAS is not url encoding the service url on the
redirection after
a successful login. Here is the traffic from my test:
GET /casme.asp?Home=%2Fframe%2Easp HTTP/1.1
Location:
https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners
%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp
The redirection coming back from cas after logging in looks like
this
(wireshark dump):
GET
/casme.asp?Home=/frame.asp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN HTTP/1.1
In my opinion it should come back from CAS as:
GET
/casme.asp?Home=%2Fframe%2Easp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN
HTTP/1.1
Is this a minor bug in CAS 3.1.1?
Thanks
Dale
--
View this message in context:
http://www.nabble.com/URL-encoding-of-service-parameter-in-CAS-redirecti
on-tf4901395.html#a14039991
Sent from the CAS Dev mailing list archive at Nabble.com.
_______________________________________________
cas-dev mailing list
cas-dev at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas-dev
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20071130/cef8ac1b/attachment-0001.html
More information about the cas-dev
mailing list