Hi All, First off, I feel like I've tracked this issue down once in the past, in fact, I may have even asked the question to the group. If so, I apologize in advance — even with my best efforts, I couldn't come up with anything.
Anyway — I've noticed a difference between how redirects are handled when the protocol name is in uppercase in the service parameter verses when it is in lowercase. When the service parameter is passed in with a lowercase https, after authentication, CAS redirects the user back to the service, as expected. I.e. https://login.dartmouth.edu/cas/login?service=https://somewhere.dartmouth.edu Results in the user being directed to https://somewhere.dartmouth.edu with the appropriate ticket parameter appended. However, https://login.dartmouth.edu/cas/login?service=HTTPS://somewhere.dartmouth.edu (I.e. https changes to HTTPS) Results in the redirect being treated as though its relative to /cas/ and so, the user ends up being sent to: https://login.dartmouth.edu/cas/HTTPS://somewhere.dartmouth.edu?ticket=xxxxxx .. Which is obviously not what was intended.. So, my question is -- is this expected behavior? Is there anything I can do to tell CAS, or probably more likely, spring webflow to always treat the redirect as an external URL? Thank you for your time answering my question and please let me know if there are any additional details I can provide. Thanks again, ..Sean. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
