Thanks for help
You maybe give me a good advice,I check my cas access log again,and find some
conflict with url encoding~{#:~}
192.168.200.109 - - [11/May/2012:08:48:52 +0800] "GET
/proxyValidate?service=http%3A%2F%2Fjira.xx.yy%3A8880%2Fjira%2Fsr%2Fjira.issueviews%3Asearchrequest-xml%2Ftemp%2FSearchRequest.xml%3F%26resolution%3D-1%26assigneeSelect%3Dissue_current_user%26sorter%2Ffield%3Dcreated%26sorter%2Forder%3DDESC%26tempMax%3D20&ticket=ST-4049-GUpZdebegYN65bCArWHg-cas
HTTP/1.1" 200 240
192.168.200.64 - - [11/May/2012:08:48:52 +0800] "GET
/proxy?pgt=TGT-180-gJdJvBWzY73htdhaYkOeeiSYKhkWPcWm53gTJpUtkkGOE1VQBW-cas&targetService=http://jira.xx.yy:8880/jira/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?&resolution=-1&assigneeSelect=issue_current_user&sorter/field=created&sorter/order=DESC&tempMax=20
HTTP/1.1" 200 195
192.168.200.109 - - [11/May/2012:08:48:52 +0800] "GET
/login?service=http%3A%2F%2Fportal.xx.yy%3A8180%2Fuserbind%2Fjsp%2Fintegration%2Fmvnforumsso.jsp
HTTP/1.1" 302 281
192.168.200.64 - - [11/May/2012:08:48:50 +0800] "GET
/proxyValidate?service=http://portal.xx.yy:8180/Authentication&ticket=ST-4048-sEy7hnUgdbFFJuMFFLhA-cas&pgtUrl=https://portal.xx.yy:8143/CasProxyServlet
HTTP/1.1" 200 263
As you can see some url encoded, but some other not, where is the encoding
config error, the CAS server or some other things?
Can you give me more hint?
You help much appreciated.
> Hi,
> Parameters in url must always be encoded. For example :
> http://localhost:8080/cas/login?service=http%3A%2F%2Fmyservice.com
>
> In your log, the targetService is not url encoded. It should be :
> http%3A%2F%2Fjira.xx.yy%3A8880%2Fjira%2Fsr%2Fjira.issueviews%3Asearchrequest-xml%2Ftemp%2FSearchRequest.xml%3F%26resolution%3D-1%26assigneeSelect%3Dissue_current_user%26sorter%2Ffield%3Dcreated%26sorter%2Forder%3DDESC%26tempMax%3D20
>
> As it's not url encoded, the "resolution" parameter and followers are
> considered as parameters of the /proxy url and not from the targetService
> parameter. That's why the targetService is truncated at proxy ticket creation
> and why the proxy ticket validation fails because of the service.
>
> Best regards,
> J~{(&~}r?me
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
--
mist <[email protected]>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user