Jeff, were you able to isolate your problem to CAS using the browser as I suggested below? Again, I suspect there is an issue with your CAS client or some other aspect of the system.
David Ohsie Software Architect EMC Corporation -----Original Message----- From: Ohsie, David Sent: Tuesday, February 12, 2013 2:07 PM To: [email protected] Subject: RE: [cas-user] URL encoding and CAS CAS should be able to handle your example without a problem. There was a time a number of years ago where the mod_auth_cas client did not properly encode the URI when creating the "service=" query parameter, but we contributed back some fixes and I think that they have all been incorporated. I can't speak to other clients. The first step in debugging this would be to understand which CAS client you are using and what the login URI looks like that it is creating when it forwards you to CAS for login. Please post that information here. So if you start with https://example.com/analytics/saw.dll?dashboard&PortalPath=%2Fshared%2Deans% 2C%20Directors%2C%20Department%20Heads%2F_portal%2FAdmissions%20for%20DDDH The CAS login URI should look something like this: https://cas.example.com/cas/login?service=https%3A%2F%2Fexample.com%2Fanalyt ics%2Fsaw.dll%3Fdashboard%26PortalPath%3D%252Fshared%252Deans%252C%2520Direc tors%252C%2520Department%2520Heads%252F_portal%252FAdmissions%2520for%2520DD DH Post that info and we can go from there. You can get that URI from the browser's address bar when the CAS login page is showing. If you have request log excerpts from apache or other webserver that would also work. Also, I would point out that I think that your original URI is buggy. If you decode the "PortalPath" query parameter, you get this: /shared-eans, Directors, Department Heads/_portal/Admissions for DDDH Looks to me like that "eans" should be "Deans". david -----Original Message----- From: Jeff Chapin [mailto:[email protected]] Sent: Friday, February 08, 2013 5:39 PM To: [email protected] Subject: [cas-user] URL encoding and CAS All, We have an enterprise reporting tool we have operating behind CAS. This service has URLs that have 'special' characters in it -- ampersands, slashes, question marks, spaces, etc. This service handles some URL encoding just fine -- it does not mind replacing ' ' with %20, for instance. When this application is placed behind CAS, however, CAS is modifying the URL -- it is URL encoding strangely. For instance, if I wanted to hit: https://example.com/analytics/saw.dll?dashboard&PortalPath=%2Fshared%2Deans% 2C%20Directors%2C%20Department%20Heads%2F_portal%2FAdmissions%20for%20DDDH CAS is properly authing the user, and then releasing them to: https://example.com/analytics/saw.dll?dashboard%26PortalPath%3d%252Fshared%2 52FDeans%252C%2520Directors%252C%2520Department%2520Heads%252F_portal%252FAd missions%2520for%2520DDDH If you look, it appears that CAS took the already URL encoded service URL, and encoded it again -- %20 becomes %2520 -- the encoding for '%' followed by the '20'. For some reason, CAS is smart enough to encode, but not decode on the way back out. Due to the nature of the service, it *has* spaces in the URLs generated, as well as question marks, ampersands, and slashes -- and who knows what else? It appears that the application is smart enough to decode %20 when it comes in, but not %2520, so these links break, and anytime you are prompted to log in through CAS, you get a 404 error. Subsequent connections (with an existing CAS session) work just fine, with no re-writing of the URLs. Does anyone know of a work around, a setting we can change, or even a section of code to look into in order to fix this behavior? Due to the nature of these reports, and their user base (Deans, Directors, and Department Heads) I am under a decent amount of added incentive to find a fix to this issue... Thanks, Jeff -- Jeff Chapin, Assistant Systems/Applications Administrator ITS-IS, University of Northern Iowa Phone: 319-273-3162 Email: [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
smime.p7s
Description: S/MIME cryptographic signature
