Kevin,

One more question -- do you use the "CASRootProxiedAs" directive in your Apache 
conf?

Thanks,
-Matt

Matthew J. Smith
University of Connecticut UITS
[email protected]
________________________________________
From: Smith, Matthew J.
Sent: Monday, May 30, 2011 12:09 PM
To: [email protected]
Subject: RE: [cas-user] Bug with mod_auth_cas

Kevin,

Do you use mod_rewrite (or similar) to strip the ticket parameter?  Could you 
post (or send to me privately) the portions of your Apache conf containing the 
CAS configuration, the AuthType CAS block, and any rewrite/redirect statements?

Thanks,
-Matt

Matthew J. Smith
University of Connecticut UITS
[email protected]
________________________________________
From: Kevin Richter [[email protected]]
Sent: Monday, May 30, 2011 3:40 AM
To: [email protected]
Subject: Re: [cas-user] Bug with mod_auth_cas

Hi,

I'm using this version:
https://source.jasig.org/cas-clients/mod_auth_cas/trunk/src/mod_auth_cas.c
I've checked today if there are differences in the source code, but
there are none.

cu
Kevin



On 30.05.2011 04:44, Phil Ames wrote:
> Hi,
> What version are you using?  Have you tried the code in trunk, or
> 1.0.9.1?  This issue has been resolved for some time.
>
> -Phil
>
> On Sun, May 29, 2011 at 3:30 PM, Kevin Richter <[email protected]> wrote:
>
>     Hi,
>
>     I think there is a bug in mod_auth_cas:
>     GET parameters get falsely encoded.
>
>     This is the site I want to open:
>     https://secretsite.de/index.php?id=5972
>     mod_auth_cas converts it to:
>     https://secretsite.de/index.php?id%3d5972
>     typo3 does not accept this and faults.
>
>     At the beginning I am already logged in at the CAS server, so there is
>     no redirect to the CAS.
>
>
>     Here is a recording from the HTTP traffic with my mod_auth_cas-enabled
>     webserver:
>
>     https://secretsite.de/index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas
>
>     GET /index.php?id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas HTTP/1.1
>     Host: secretsite.de
>     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
>     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>     Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
>     Accept-Encoding: gzip, deflate
>     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>     Keep-Alive: 115
>     Referer: https://secretsite.de/index.php
>     Cookie: MOD_AUTH_CAS_S=48b17e62f56cf3f771928fc6e86d1ab0
>     DNT: 1
>     Connection: keep-alive
>     Pragma: no-cache
>     Cache-Control: no-cache
>
>     HTTP/1.1 302 Found
>     Date: Fri, 27 May 2011 12:33:56 GMT
>     Server: Apache
>     Location: https://secretsite.de/index.php?id%3d5972
>     Content-Length: 315
>     Content-Type: text/html; charset=iso-8859-1
>     Set-Cookie: MOD_AUTH_CAS_S=582def08aa1cddaeda39f9a191a69229;Secure;Path=/
>     Keep-Alive: timeout=5, max=99
>     Connection: Keep-Alive
>
>     ----------------------------------------------------------
>
>     https://secretsite.de/index.php?id%3d5972
>
>     GET /index.php?id%3d5972 HTTP/1.1
>     Host: secretsite.de
>     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
>     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>     Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
>     Accept-Encoding: gzip, deflate
>     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>     Keep-Alive: 115
>     Referer: https://secretsite.de/index.php
>     Cookie: MOD_AUTH_CAS_S=582def08aa1cddaeda39f9a191a69229
>     DNT: 1
>     Connection: keep-alive
>     Pragma: no-cache
>     Cache-Control: no-cache
>
>     HTTP/1.1 303 See Other
>     Date: Fri, 27 May 2011 12:33:56 GMT
>     Server: Apache
>     Location: https://secretsite.de/index.php?id=error404
>     Content-Length: 0
>     Content-Type: text/html; charset=UTF-8
>     Keep-Alive: timeout=5, max=98
>     Connection: Keep-Alive
>
>     ----------------------------------------------------------
>
>
>     Regards,
>
>     Kevin Richter
>
>     --
>     You are currently subscribed to [email protected] as: [email protected]
>     To unsubscribe, change settings or access archives, see
>     http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
>
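
In the trace quoted above, the 302 `Location` should differ from the request only by the missing `ticket` parameter. The C below is an added example, not mod_auth_cas source and not written by anyone in this thread; it removes the ticket while copying the other parameters byte-for-byte and checks a redirect against that expectation. The function names `strip_ticket` and `redirect_preserves_query` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy `query` to `out` minus any "ticket=" parameter.
 * Remaining parameters are copied byte-for-byte, never decoded or re-encoded.
 * Returns 0 on success, -1 if `out` is too small. */
int strip_ticket(const char *query, char *out, size_t outlen)
{
    size_t used = 0;
    const char *p = query;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*p != '\0') {
        size_t len = strcspn(p, "&");     /* length of the current parameter */
        if (len > 0 && strncmp(p, "ticket=", 7) != 0) {
            if (used + len + 2 > outlen)  /* room for '&' and the NUL */
                return -1;
            if (used > 0)
                out[used++] = '&';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
        }
        p += len;
        if (*p == '&')
            p++;
    }
    return 0;
}

/* Returns 1 when `location_query` equals the request query minus the ticket.
 * A mismatch such as "id%3d5972" vs "id=5972" means a delimiter was re-encoded. */
int redirect_preserves_query(const char *request_query, const char *location_query)
{
    char expected[1024];

    if (strip_ticket(request_query, expected, sizeof expected) != 0)
        return 0;
    return strcmp(expected, location_query) == 0;
}

int main(void)
{
    /* Query strings taken from the HTTP trace in the original report. */
    const char *req = "id=5972&ticket=ST-43-WiSodsfueLSGGhUcGsDh-cas";
    printf("observed redirect ok: %d\n", redirect_preserves_query(req, "id%3d5972"));
    printf("expected redirect ok: %d\n", redirect_preserves_query(req, "id=5972"));
    return 0;
}
```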
