Not properly encoded service redirect URLs

21 views

Skip to first unread message

Marcin Roman

unread,

May 27, 2020, 8:21:58 AM5/27/20

to CAS Community

Hi,

I have a problem with service urls containing non ascii characters.

Lets suppose we have a service:

https://service.com/abcędef

protected by mod_auth_cas. User enters this url and is redirected by mod_auth_cas to:

https://cas.example.com/login?service=https%3a%2f%2fservice.com%2fabc%c4%99def
Next user enters username and password in CAS and after successful login is redirected to:
https://service.com/abc?def?ticket=ST-1301-EXDCAGStMFZe7VbvKdTKade-O7E-cas.example.com

instead of

https://service.com/abc%c4%99def?ticket=ST-1301-EXDCAGStMFZe7VbvKdTKade-O7E-cas.example.com

I would appreciate if you could fix this bug or suggest any workaround.

Regards,

Marcin

Ray Bon

unread,

May 27, 2020, 11:55:18 AM5/27/20

to cas-...@apereo.org

Marcin,

I think non US-ASCII characters are disallowed. See https://www.ietf.org/rfc/rfc3986.txt

At the very least, those characters would have to be encoded.

Ray

On Wed, 2020-05-27 at 05:21 -0700, Marcin Roman wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

--

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Reply all

Reply to author

Forward

0 new messages