Service with queryparameters in uri not recognized

[kaphael]

Hello,

Does anyone encounter issues with CAS configured as SAML idp and SAML service with serviceId containing queryParameters in uri ( "serviceId":"https://myRessource.com?test=default") ?

I got the following issues :

- Service is not recognized as a SAML Service (PatternMatching in RegexRegisteredService.matches fails)

- EntityId extraction in SamlIdPEntityIdValidationServiceSelectionStrategy fails (the "=" character in the uri isn't uriEncoded so the URIBuilder.parseQuery didn't find entityId parameter (parameterCombo.length = 3)

If I remove the "?test=default" from the uri it's works fine.

Regards.

[kaphael]

I'm using CAS 5.0.0 version.

[Ray Bon]

Kaphael,

What is your service rule (the regex) that you are trying to match?

Should your serviceId be https://myRessource.com/?test=default? Note '/' before '?'.

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507128831 | CLE 023 | rb...@uvic.ca

[kaphael]

Hello Ray,

My CAS server run as SAML IDP thanks the following dependency :

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-saml-idp</artifactId>
  <version>${cas.version}</version>
</dependency>

I use json service registry thanks this dependency :

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

And my service is registered as follow :

{

  "metadataLocation": "https://myRessource.com/saml/myRessource/saml/metadata",

  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",

  "serviceId": "https://myRessource.com?test=default",

  "name": "SAML test",

  "id": 5,

  "evaluationOrder": 5,

  "description": "SAML test",

  "attributeReleasePolicy": {

    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"

  }

}

As SamlRegisteredService extends RegexRegisteredService the matches function fails because there is a "?" in the serviceId :

 Pattern.compile("https://myRessource.com?test=default", Pattern.CASE_INSENSITIVE).matcher("https://myRessource.com?test=default").matches();

I put a breakpoint in RegexpRegisteredService in order to allow my service and the second issue occured in SamlIdPEntityIdValidationServiceSelectionStrategy.

Regards,

Kaphael.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1493135306.25318.18.camel%40uvic.ca.

[Ray Bon]

Kaphael,

In the serviceId, put a \ before the ? to escape it. That will let the regex know you are looking for a ? instead of making the m optional.

https://myRessource.com\?test=default

Ray

P.S. my previous comment about the slash had to do with the form of the url rather than the regex.