403 - Forbidden error on link containing question mark
16 views
Skip to first unread message
Bernd Schmidt
Aug 13, 2018, 5:56:30 AM8/13/18
to CAS Community
Hi all,
I am currently using the Java CAS Client for Jira integration, version 3.5.1-SNAPSHOT ("java-cas-client/cas-client-integration-atlassian" from https://github.com/apereo/java-cas-client/tree/master/cas-client-integration-atlassian) and encounter the following effect.
In case there is no valid login session and a URL contains a question mark the following 403 forbidden error is thrown.
Is this a known behaviour or something that could be fixed? In case the parameter including question mark is deleted everything works fine (but, for the specific case, comment highlighting will not be possible anymore so cutting of the parameter is not desired).
Encountered a "403 - Forbidden" error while loading this page.
Ticket 'ST-21113-F33egetqdi-serverhosta01' does not match supplied service. The original service was 'https://jira.example.org/browse/TEST-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=1454487' and the supplied service was 'https://jira.example.org/browse/TEST-360?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&focusedCommentId=1454487'.
Thanks,
Bernd
I am currently using the Java CAS Client for Jira integration, version 3.5.1-SNAPSHOT ("java-cas-client/cas-client-integration-atlassian" from https://github.com/apereo/java-cas-client/tree/master/cas-client-integration-atlassian) and encounter the following effect.
In case there is no valid login session and a URL contains a question mark the following 403 forbidden error is thrown.
Is this a known behaviour or something that could be fixed? In case the parameter including question mark is deleted everything works fine (but, for the specific case, comment highlighting will not be possible anymore so cutting of the parameter is not desired).
Encountered a "403 - Forbidden" error while loading this page.
Ticket 'ST-21113-F33egetqdi-serverhosta01' does not match supplied service. The original service was 'https://jira.example.org/browse/TEST-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=1454487' and the supplied service was 'https://jira.example.org/browse/TEST-360?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&focusedCommentId=1454487'.
Thanks,
Bernd
Ray Bon
Aug 13, 2018, 12:23:28 PM8/13/18
to cas-...@apereo.org
Bernd,
The difference between the urls is a ':' during login and '%3A' on service ticket validation. CAS returns a failed validation (service comparison is very strict) and jira.example.com produces an appropriate message. It looks like atlassian plugin is doing
some encoding when it should not.
Ray
-- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca
Reply all
Reply to author
Forward
0 new messages