Hi, I think there is a bug in mod_auth_cas: GET Parameter get falsely encoded.
This is the site I want to open: https://secretsite.de/index.php?id=5972 mod_auth_cas converts it to: https://secretsite.de/index.php?id%3d5972 typo3 does not accept this and faults. At the beginning I am already logged in at the CAS server, so there is no redirect to the CAS. Here is a recording from the HTTP traffic with my mod_auth_cas-enabled webserver: https://secretsite.de/index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas GET /index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas HTTP/1.1 Host: secretsite.de User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Referer: https://secretsite.de/index.php Cookie: MOD_AUTH_CAS_S=48b17e62f56cf3f771928fc6e86d1ab0 DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache HTTP/1.1 302 Found Date: Fri, 27 May 2011 12:33:56 GMT Server: Apache Location: https://secretsite.de/index.php?id%3d5972 Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: MOD_AUTH_CAS_S=582def08aa1cddaeda39f9a191a69229;Secure;Path=/ Keep-Alive: timeout=5, max=99 Connection: Keep-Alive ---------------------------------------------------------- https://secretsite.de/index.php?id%3d5972 GET /index.php?id%3d5972 HTTP/1.1 Host: secretsite.de User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Referer: https://secretsite.de/index.php Cookie: MOD_AUTH_CAS_S=582def08aa1cddaeda39f9a191a69229 DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache HTTP/1.1 303 See Other Date: Fri, 27 May 2011 12:33:56 GMT Server: Apache Location: https://secretsite.de/index.php?id=error404 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive ---------------------------------------------------------- Regards, Kevin Richter -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
