Thanks for the walkthrough. I realize your predicament, but just for the sake of completeness I should point out that per the protocol, service URLs are required to be encoded. It’s a MUST. The fact that the application isn’t doing it is a different story.
I am not personally enthusiastic about adding this behavior, but [as we all have to be practical], if you wish to add it, test it and then post a patch to make this an option, I suppose that’s fine. Or simply open up an issue for the time being.

-- Misagh

From: Dan Roque <[email protected]>
Reply: Dan Roque <[email protected]>
Date: September 26, 2016 at 10:37:00 PM
To: CAS Community <[email protected]>
Cc: [email protected] <[email protected]>, [email protected] <[email protected]>
Subject: Re: [cas-user] Re: Possible to auto-encode a request url passed to CAS?

Hi Misagh,

The application that is generating the URLs is emailing them to users which require no encoding. When the user clicks on the URL, my load balancer redirects the URL to flow through CAS by appending the URL as a service like so

https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

So in the above URL, the user clicked on the link

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

and was redirected through CAS. If I do nothing and let CAS handle the service URL, the user ends up being redirected to

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX

As these links are not always the same, I can't just redirect them to an encoded URL in our load balancer. The only other alternative would be to dig into the application's code which is not supported and attempt to have it generate encoded URLs to end users but as I said before, this is not user friendly. It seems much easier to just have CAS support a config option to allow a query string to be fully used as a service URL. Unless I am going about this all wrong?

Thanks!!

On Monday, September 26, 2016 at 2:58:20 PM UTC-4, Misagh Moayyed wrote:

I realize you are asking for auto-encoding, but is there any reason the service url is not encoded prior to submission?
-- Misagh

From: Dan Roque <[email protected]>
Reply: Dan Roque <[email protected]>
Date: September 26, 2016 at 10:21:49 PM
To: CAS Community <[email protected]>
Subject: [cas-user] Re: Possible to auto-encode a request url passed to CAS?

I looked over the latest source code and found the relevant code from 3.5.2 that I am asking about

https://github.com/apereo/cas/blob/master/core/cas-server-core-services/src/main/java/org/apereo/cas/authentication/principal/WebApplicationServiceFactory.java#L32

Any downfalls to have some sort of config that allows ampersands to be auto-encoded in a query string before the SimpleWebApplicationServiceImpl object is created? So for example, if the following service URL is passed to CAS

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

CAS checks the query string and auto-encodes each ampersand to %26 which would result in

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567

This would allow the user to be redirected to the intended service URL. This would be done by not calling getParameter but instead calling getQueryString() and constructing the service string from that. Thoughts?

BTW, I'm currently testing CAS 3.5.2 with Tomcat 7.0.64

Thanks!

On Monday, September 26, 2016 at 12:02:56 PM UTC-4, Dan Roque wrote:

Hi,

I'm using an application that emails links to users to view reports and need to redirect these links through CAS (version 3.5.2). The issue is that the application does not URL encode these links when sending to the user as there is no requirement to do so. If the URL is clicked "as-is", it gets redirected to CAS which will strip off any extra parameters it finds. I want to know if it would be possible to have CAS auto-encode the request URL it receives before creating the service string.
Here is an example of a URL that is clicked by a user

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

I redirect this to

https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

After the user authenticates with the above URL, the service used becomes

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX

as Action is read as another parameter due to the ampersand. I would like the entire URL to be used as a service and be altered to the following

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567

Does CAS have the capability to auto-encode this for me? So all the '&' would change to '%26'. The only other alternative would be to figure out how to get the application itself to auto-encode the URL but users wouldn't have a "user-friendly" URL.

I looked over the CAS 3.5.2 source code and noticed that the service is generated in this method within the SimpleWebApplicationServiceImpl class

SimpleWebApplicationServiceImpl createServiceFrom(final HttpServletRequest request, final HttpClient httpClient) { ... }

This is the only spot I can see where modifying the service URL would work. Any input is appreciated.

Thanks!!
Dan

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e98625b2-d88c-4497-84e7-baee138d0a69%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
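Added example, not part of the original thread and not CAS code: a Python sketch of the query-string behaviour the thread discusses, showing why the unencoded redirect loses `Action` and `CDM_ID`, how encoding the whole target at the redirector round-trips it, and the ambiguity the raw-query-string proposal introduces when a CAS parameter such as `renew` follows `service`. The function names are hypothetical, and `urllib.parse` stands in for the servlet container's parameter parsing as an assumption.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed from the URLs quoted in the thread.
LOGIN = "https://cas2.domain.com/cas/login"
TARGET = ("https://test.domain.com/EMPLOYEE/CDM_RPT.GBL"
          "?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567")


def service_seen_by_server(login_url):
    """'service' as ordinary query parsing yields it: split on '&',
    then percent-decode each value (assumed equivalent to getParameter)."""
    params = parse_qs(urlsplit(login_url).query, keep_blank_values=True)
    return params.get("service", [None])[0]


def build_login_url(target, **cas_params):
    """Redirector side: percent-encode the entire target as one value,
    so its own '?', '&' and '=' cannot be read as login parameters."""
    parts = [f"{k}={quote(v, safe='')}" for k, v in cas_params.items()]
    parts.append("service=" + quote(target, safe=""))
    return LOGIN + "?" + "&".join(parts)


def service_from_raw_query(login_url):
    """Sketch of the thread's proposal: take everything after 'service='
    from the raw query string instead of the parsed parameter."""
    query = urlsplit(login_url).query
    if query.startswith("service="):
        return query[len("service="):]
    idx = query.find("&service=")
    return None if idx < 0 else query[idx + len("&service="):]


if __name__ == "__main__":
    unencoded = LOGIN + "?method=POST&service=" + TARGET
    print("unencoded :", service_seen_by_server(unencoded))
    encoded = build_login_url(TARGET, method="POST")
    print("encoded   :", service_seen_by_server(encoded))
    # A parameter after 'service' is absorbed into the service URL.
    trailing = LOGIN + "?service=" + TARGET + "&renew=true"
    print("raw query :", service_from_raw_query(trailing))
```
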
