Mod_auth_cas 1.0.8 and final redirection

[Brian Donnelly]

Hello,

We recently attempted to upgrade our Shilbboleth Identity provider from mod_auth_cas 1.0.7 to 1.0.8 and encountered some unexpected problems.  Urls passing through mod_auth_cas to the Shibboleth IDP would end up with double-url encoded query parameters, resulting in invalid urls.

I have looked through the 1.0.8 code and traced the issue back to the new final redirection which strips the ticket parameter from the url.  This redirection performs a url-encoding of the query string of the url.  This url-encoding ultimately redirects the user to a url that is not exactly the same as the originating url.  The Shibboleth IDP makes heavy use of urls in the query string which become garbled when url-encoded.

Is this url-encoding of the query string on the final redirect intended behavior?

If not I would like to submit the attached mod_auth_cas.c file as a patch for the issue.

Regards,

Brian Donnelly
--
University of California, Davis
Information and Educational Technology
Application Development - Infrastructure Team
3820 Chiles Rd. Davis, CA 95616
(530) 754-5909
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081112/8ac1faa5/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mod_auth_cas.c
Type: application/octet-stream
Size: 67642 bytes
Desc: mod_auth_cas.c
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20081112/8ac1faa5/attachment.obj