[cas-dev] URL encoding of service parameter in CAS redirection

Scott Battaglia scott.battaglia at gmail.com
Fri Nov 30 00:00:22 EST 2007 

I took the encoded URL I provided before and ran it against the JASIG CAS
server just to see where it would redirect to, and this is the URL it
attempted to redirect to (I obviously can't actually access the server):

http://testpartners.trimble.com/casme.asp?Home=%2Fframe%2Easp&ticket=ST-58-cegfWJO6XdDDsX4BHUt2

which I believe is what you want.  In this case, .NET is apparently doing
the wrong encoding then.  It appears to be anyway.  We can try and debug
some more tomorrow when I'm actually at work.

-Scott

On Nov 29, 2007 11:49 PM, Dale Ogilvie <Dale.Ogilvie at trimble.co.nz> wrote:

>  OK, I'll admit it is fairly likely that the client's construction of
> the url for redirection to CAS is doing some interesting encoding here. :-)
> Here's my latest efforts:
>
> Original service url, with the Home parameter as encoded by microsoft's
> server.URLEncoder:
>
> GET /casme.asp?Home=%2Fframe%2Easp HTTP/1.1
>
> Redirection url, as constructed by yours truly, again using
> server.URLEncoder:
>
>
> https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners%2Etrimble%2Ecom%2Fcasme%2Easp%3FHome%3D%2Fframe%2Easp
>
> Redirection url, as requested by the browser in response to CAS's
> redirection:
>
> GET /casme.asp?Home=/frame.asp&ticket=ST-176-OW9neWkceRTXoZFdABiB
>
> Even in java land where "." chars are left alone, shouldn't that last url
> be:
>
> GET /casme.asp?Home=%2Fframe.asp&ticket=ST-176-OW9neWkceRTXoZFdABiB
>
> Please excuse me, I've been dealing with VB-Script all day...
>
>  ------------------------------
> *From:* cas-dev-bounces at tp.its.yale.edu [mailto:
> cas-dev-bounces at tp.its.yale.edu] *On Behalf Of *Scott Battaglia
> *Sent:* Friday, 30 November 2007 4:40 p.m.
> *To:* Mailing list for CAS developers
> *Subject:* Re: [cas-dev] URL encoding of service parameter in CAS
> redirection
>
> According to my calculations (okay, Java's URLEncoder's calculations),
> your original request to CAS should have looked something like this:
>
> https://test-cas.trimble.com/cas/login?service=<https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp>
> http%3A%2F%2Ftestpartners.trimble.com%2Fcasme.asp%3FHome%3D%252Fframe%252Easp
>
> I would check the thing that is encoding the service URL before
> redirecting to CAS.  It appears its not completely encoding the URL (again
> this is from my very quick calculations as I'm working on some homework
> right now ;-))
>
> -Scott
>
>
> On Nov 29, 2007 10:21 PM, dale77 <Dale.Ogilvie at trimble.co.nz> wrote:
>
> >
> > I think that CAS is not url encoding the service url on the redirection
> > after
> > a successful login. Here is the traffic from my test:
> >
> > GET /casme.asp?Home=%2Fframe%2Easp HTTP/1.1
> > Location:
> >
> > https://test-cas.trimble.com/cas/login?service=http%3A%2F%2Ftestpartners%2Etrimble%2Ecom%2Fcasme%2Easp?Home=%2Fframe%2Easp
> >
> > The redirection coming back from cas after logging in looks like this
> > (wireshark dump):
> >
> > GET /casme.asp?Home=/frame.asp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN
> > HTTP/1.1
> >
> > In my opinion it should come back from CAS as:
> >
> > GET /casme.asp?Home=%2Fframe%2Easp&ticket=ST-144-M3Ga4iDXUZSA0sWveCaN
> > HTTP/1.1
> >
> > Is this a minor bug in CAS 3.1.1?
> >
> > Thanks
> >
> > Dale
> > --
> > View this message in context:
> > http://www.nabble.com/URL-encoding-of-service-parameter-in-CAS-redirection-tf4901395.html#a14039991
> > Sent from the CAS Dev mailing list archive at Nabble.com.
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20071130/30c976cb/attachment.html

More information about the cas-dev mailing list