Re: [cas-user] Bug with mod_auth_cas

[Anthony Colebourne]

Hi,

I recently had the same issue with version 1.0.8. Switching to an older 
version worked for me. I haven't tried a later version, but it looks 
like this issue:
        https://issues.jasig.org/browse/MAS-35
-- Anthony.


On 30/05/11 17:09, Smith, Matthew J. wrote:
Kevin,

Do you use mod_rewrite (or similar) to strip the ticket parameter?  Could you 
post (or send to me privately) the portions of your Apache conf containing the 
CAS configuration, the AuthType CAS block, and any rewrite/redirect statements?

Thanks,
-Matt

Matthew J. Smith
University of Connecticut UITS
matt.sm...@uconn.edu
________________________________________
From: Kevin Richter [kevin.rich...@uni-hildesheim.de]
Sent: Monday, May 30, 2011 3:40 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Bug with mod_auth_cas

Hi,

I'm using this version:
https://source.jasig.org/cas-clients/mod_auth_cas/trunk/src/mod_auth_cas.c
I've checked today if there are differences in the source code, but
there are none.

cu
Kevin



Am 30.05.2011 04:44, schrieb Phil Ames:
Hi,
What version are you using?  Have you tried the code in trunk, or
1.0.9.1?  This issue has been resolved for some time.

-Phil

On Sun, May 29, 2011 at 3:30 PM, Kevin Richter
<kevin.rich...@uni-hildesheim.de
<mailto:kevin.rich...@uni-hildesheim.de>>  wrote:

     Hi,

     I think there is a bug in mod_auth_cas:
     GET Parameter get falsely encoded.

     This is the site I want to open:
     https://secretsite.de/index.php?id=5972
     mod_auth_cas converts it to:
     https://secretsite.de/index.php?id%3d5972
     typo3 does not accept this and faults.

     At the beginning I am already logged in at the CAS server, so there is
     no redirect to the CAS.


     Here is a recording from the HTTP traffic with my mod_auth_cas-enabled
     webserver:

     
https://secretsite.de/index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas
     
<https://secretsite.de/index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas>

     GET /index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas HTTP/1.1
     Host: secretsite.de<http://secretsite.de>
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101
     Firefox/4.0.1
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
     Accept-Encoding: gzip, deflate
     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive: 115
     Referer: https://secretsite.de/index.php
     Cookie: MOD_AUTH_CAS_S=48b17e62f56cf3f771928fc6e86d1ab0
     DNT: 1
     Connection: keep-alive
     Pragma: no-cache
     Cache-Control: no-cache

     HTTP/1.1 302 Found
     Date: Fri, 27 May 2011 12:33:56 GMT
     Server: Apache
     Location: https://secretsite.de/index.php?id%3d5972
     Content-Length: 315
     Content-Type: text/html; charset=iso-8859-1
     Set-Cookie:
     MOD_AUTH_CAS_S=582def08aa1cddaeda39f9a191a69229;Secure;Path=/
     Keep-Alive: timeout=5, max=99
     Connection: Keep-Alive

     ----------------------------------------------------------

     https://secretsite.de/index.php?id%3d5972

     GET /index.php?id%3d5972 HTTP/1.1
     Host: secretsite.de<http://secretsite.de>
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101
     Firefox/4.0.1
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
     Accept-Encoding: gzip, deflate
     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     Keep-Alive: 115
     Referer: https://secretsite.de/index.php
     Cookie: MOD_AUTH_CAS_S=582def08aa1cddaeda39f9a191a69229
     DNT: 1
     Connection: keep-alive
     Pragma: no-cache
     Cache-Control: no-cache

     HTTP/1.1 303 See Other
     Date: Fri, 27 May 2011 12:33:56 GMT
     Server: Apache
     Location: https://secretsite.de/index.php?id=error404
     Content-Length: 0
     Content-Type: text/html; charset=UTF-8
     Keep-Alive: timeout=5, max=98
     Connection: Keep-Alive

     ----------------------------------------------------------


     Regards,

     Kevin Richter

     --
     <BR>
     You are currently subscribed to cas-user@lists.jasig.org
     <mailto:cas-user@lists.jasig.org>  as: modauth...@gmail.com
     <mailto:modauth...@gmail.com>
     <BR>
     To unsubscribe, change settings or access archives, see
     http://www.ja-sig.org/wiki/display/JSG/cas-user


--
You are currently subscribed to cas-user@lists.jasig.org as: 
kevin.rich...@uni-hildesheim.de
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


--
<BR>
You are currently subscribed to cas-user@lists.jasig.org as: 
matt.sm...@uconn.edu
<BR>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


--
<BR>
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
<BR>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user