What version of mod_auth_cas are you using? There was a bug which involved erroneous double-encoding of some URL parameters, which may be occurring here. It is fixed in either 1.0.8.1 or the current trunk or curl branches.
-Phil On Tue, Sep 28, 2010 at 10:57 PM, Scott Battaglia <[email protected] > wrote: > It appears to be redirecting correctly (you'll see that there's a POST and > the response is the Moved Temporarily and then it looks like there are some > requests to your client). > > I do see this though: > GET > /mg/Repository/system/index.php?repository=Mapping%20Files&ticket=ST-13-hQrMsPse1Wka75smxedo-cas > HTTP/1.1 > GET /mg/Repository/system/index.php?repository%3dMapping%2520Files HTTP/1.1 > > These don't match after the redirect (and the ST is removed). Is that a > problem? > > > On Tue, Sep 28, 2010 at 1:02 PM, Steve Fiske <[email protected]>wrote: > >> Any ideas on how to solve or investigate the CAS redirection problem >> described below for IP address access using Internet Explorer? >> >> Noticed that: >> (1) HTTP Request POST issued when valid username, password entered and >> Login button clicked on CAS Login has JSESSIONID cookie defined for cases >> where CAS redirection works (fully-qualified domain name access using >> Internet Explorer and IP address access using Firefox) and there is no >> JSESSIONID cookie defined for case where CAS redirection fails (IP address >> access using Internet Explorer) >> >> (2) HTTP Request GET issued in attempt to redirect to desired web page >> after CAS validation has MOD_AUTH_CAS_S cookie defined for cases where CAS >> redirection works (fully-qualified domain name access using Internet >> Explorer and IP address access using Firefox) and there is no MOD_AUTH_CAS_S >> cookie defined for case where CAS redirection fails (IP address access using >> Internet Explorer) >> >> It potentially appears as though CAS thinks the user is authenticated but >> MOD_AUTH_CAS does not think user is authenticated for case where redirection >> fails (IP address access using Internet Explorer). >> >> Traced HTTP header requests/responses for >> (1) IP address access using Internet Explorer where CAS redirection does >> not work - sits on CAS login page >> (2) fully-qualified domain name access using Internet Explorer where CAS >> redirection to desired web page works >> (3) IP address access using Firefox where CAS redirection to desired web >> page works >> >> Fully-qualified domain name access using Firefox where CAS redirection to >> desired web page works was not traced for this post. >> >> HTTP Request/Response Excerpts have been attached as follows: >> (1) IE_HTTP_Hdr_IP_addr_100922_1149.txt - IP address access using Internet >> Explorer where CAS redirection does not work - sits on CAS login page >> (2) IE_HTTP_Hdr_FQDN_100922_1158.txt - fully-qualified domain name access >> using Internet Explorer where CAS redirection to desired web page works >> (3) Firefox_HTTP_Hdr_IP_addr_100923_1155.txt - IP address access using >> Firefox where CAS redirection to desired web page works >> >> Logs for IE produced with ieHTTPHeaders. Logs for Firefox produced with >> Firebug. >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
