What's odd is that I see serviceValidate succeed for the ST, so it is getting back to the CAS client at the application. Isn't everything from that point on, including where the CAS client "sends" the user, up to the CAS client and the application?
One other thing I just noticed is that there is a .dll and THEN a slash, meaning that they might be doing something with PATH_INFO... I have a vague memory that CAS clients don't (didn't?) work well with using PATH_INFO? Thanks, Tim From: Scott Battaglia <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Friday, June 22, 2012 10:20 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [cas-user] Help: URLencoded service redirection after successful login As far as I know the major CAS clients do it correctly. We typically see problems with custom CAS clients. Of course, its always possible one of our clients has a bug around that, but its typically not been that way. On Fri, Jun 22, 2012 at 1:18 PM, Tim McLaughlin <[email protected]<mailto:[email protected]>> wrote: I'm not sure -- they mentioned something about mod_auth_cas but not in a way that was specific enough. I'll find out. Is this something that should be handled by the CAS client that the application uses? Thanks! Tim From: Scott Battaglia <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> Reply-To: "[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>" <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> Date: Friday, June 22, 2012 10:10 AM To: "[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>" <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> Subject: Re: [cas-user] Help: URLencoded service redirection after successful login What CAS client are they using to redirect to CAS? On Fri, Jun 22, 2012 at 1:08 PM, Tim McLaughlin <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> wrote: Hello, We've got an off-site service using CAS that involves really long service URLs like so: https://illiad.wwu.edu/illiad/illiad.dll/OpenURL?genre=article&issn=1360-31 08&title=Perspectives+%28Association+of+University+Administrators+%28U.K.%2 9%29&aulast=Taylor%2C+Barry&volume=15&issue=4&date=2011&atitle=Reflections+ on+higher+education+and+the+media.&spage=117&sid=EBSCO%253AAcademic%2BSearc h%2BComplete%28via%253A%2B360Link%29&pid=Interlibrary%20Loan The CAS URL, while the user is on the login form, is this: https://websso.wwu.edu/cas//login?service=https://illiad.wwu.edu/illiad/ill iad.dll/OpenURL%3fgenre%3darticle%26issn%3d1360-3108%26title%3dPerspectives %2b%28Association%2bof%2bUniversity%2bAdministrators%2b%28U.K.%29%29%26aula st%3dTaylor%2C%2bBarry%26volume%3d15%26issue%3d4%26date%3d2011%26atitle%3dR eflections%2bon%2bhigher%2beducation%2band%2bthe%2bmedia.%26spage%3d117%26s id%3dEBSCO%253AAcademic%2BSearch%2BComplete%28via%253A%2B360Link%29%26pid%3 dInterlibrary%20Loan Most of the service is properly URLencoded, but notice that the first part, https://illiad.wwu.edu/illiad/illiad.dll/OpenURL isn't. I don't know if that's important, but it seems odd. Here's the kicker, though: when the user is authenticated, the URL that CAS redirects to is the URLencoded version, not the "original" version, so the user gets a 404 from the application. We have other services that use CAS and a couple have complicated URLs like this, but they get handled properly. Is that something that the application is responsible for resolving, or should CAS be redirecting to the URLdecoded version? I'm wondering if anyone has an idea as to what could be going on with this one? Thanks, Tim -- You are currently subscribed to [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> as: [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> as: [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
