Thanks for help
You maybe give me a good advice,I check my cas access log again,and find some 
conflict with url encoding~{#:~}

192.168.200.109 - - [11/May/2012:08:48:52 +0800] "GET 
/proxyValidate?service=http%3A%2F%2Fjira.xx.yy%3A8880%2Fjira%2Fsr%2Fjira.issueviews%3Asearchrequest-xml%2Ftemp%2FSearchRequest.xml%3F%26resolution%3D-1%26assigneeSelect%3Dissue_current_user%26sorter%2Ffield%3Dcreated%26sorter%2Forder%3DDESC%26tempMax%3D20&ticket=ST-4049-GUpZdebegYN65bCArWHg-cas
 HTTP/1.1" 200 240
192.168.200.64 - - [11/May/2012:08:48:52 +0800] "GET 
/proxy?pgt=TGT-180-gJdJvBWzY73htdhaYkOeeiSYKhkWPcWm53gTJpUtkkGOE1VQBW-cas&targetService=http://jira.xx.yy:8880/jira/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?&resolution=-1&assigneeSelect=issue_current_user&sorter/field=created&sorter/order=DESC&tempMax=20
 HTTP/1.1" 200 195
192.168.200.109 - - [11/May/2012:08:48:52 +0800] "GET 
/login?service=http%3A%2F%2Fportal.xx.yy%3A8180%2Fuserbind%2Fjsp%2Fintegration%2Fmvnforumsso.jsp
 HTTP/1.1" 302 281
192.168.200.64 - - [11/May/2012:08:48:50 +0800] "GET 
/proxyValidate?service=http://portal.xx.yy:8180/Authentication&ticket=ST-4048-sEy7hnUgdbFFJuMFFLhA-cas&pgtUrl=https://portal.xx.yy:8143/CasProxyServlet
 HTTP/1.1" 200 263
As you can see some url encoded, but some other not, where is the encoding 
config error, the CAS server or some other things?
Can you give me more hint?
You help much appreciated.
> Hi,
> Parameters in url must always be encoded. For example :
> http://localhost:8080/cas/login?service=http%3A%2F%2Fmyservice.com
> 
> In your log, the targetService is not url encoded. It should be : 
> http%3A%2F%2Fjira.xx.yy%3A8880%2Fjira%2Fsr%2Fjira.issueviews%3Asearchrequest-xml%2Ftemp%2FSearchRequest.xml%3F%26resolution%3D-1%26assigneeSelect%3Dissue_current_user%26sorter%2Ffield%3Dcreated%26sorter%2Forder%3DDESC%26tempMax%3D20
> 
> As it's not url encoded, the "resolution" parameter and followers are 
> considered as parameters of the /proxy url and not from the targetService 
> parameter. That's why the targetService is truncated at proxy ticket creation 
> and why the proxy ticket validation fails because of the service.
> 
> Best regards,
> J~{(&~}r?me
> 
> -- 
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
mist <[email protected]>


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to