I'm using mod_auth_cas along with CAS RESTful interface to provide
authentication for my application. We noticed that when generating the
"service" parameter for both forwarding to CAS as well as ticket
validation, mod_auth_cas doesn't use the URL that is given (suitably
escaped), but rather reconstructs the URI based on various parameters
that it gets from Apache.
For example, suppose I reference the following URI:
http://www.example.com:80/foo?ticket=ST-footicket
When mod_auth_cas goes to validate the ticket, it is going to use this
in the ticket parameter:
http:/www.example.com/foo
The ticket validation will fail because the ":80" is missing.
This probabably doesn't cause a problem for browser clients because the
initial forwarding to the CAS login page will already have a rewritten
URI, so that the ticket is issued against the rewritten URI, and the
forwarding back to mod_auth_cas will happen with the rewritten URI and
everything will work. However, since we are using the CAS restful API
to prefetch a ticket, the URI rewriting does cause a problem.
Is there a reason for this rewriting behavior? Is there a way to
disable it?
Thanks,
David Ohsie
EMC Corporation
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
