service id & cleanupUrl on service creation


Tom Andersson

Aug 26, 2016, 5:00:14 AM
to CAS Community
Hi,

Probably it's just me, but in our CAS (4.1.4) logs we have random errors like

2016-08-25 11:03:05,399 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - Service ticket [ST-113-icLdxoWXyaRPKXg4ZvJC-myhost] with service [https://something.net/whatever?param1=value1&param2=value2] does not match supplied service [https://something.net/whatever]

I tried to investigate the cause of this and wondered why the service id on the ticket has the params included, or whether that is on purpose.

I then found this in SimpleWebApplicationServiceImpl.java:

    public static SimpleWebApplicationServiceImpl createServiceFrom(
        final HttpServletRequest request) {
        ...
        final String serviceToUse;
        ...
        } else if (StringUtils.hasText(service)) {
            serviceToUse = service;

        final String id = cleanupUrl(serviceToUse);
        ...

        return new SimpleWebApplicationServiceImpl(id, serviceToUse,
            artifactId, "POST".equals(method) ? Response.ResponseType.POST
                : Response.ResponseType.REDIRECT);
    }

The cleanupUrl method:

    /**
     * Cleanup the url. Removes jsession ids and query strings.
     *
     * @param url the url
     * @return sanitized url.
     */
    protected static String cleanupUrl(final String url) {
        if (url == null) {
            return null;
        }
        final int jsessionPosition = url.indexOf(";jsession");
        if (jsessionPosition == -1) {
            return url;
        }
        final int questionMarkPosition = url.indexOf('?');
        if (questionMarkPosition < jsessionPosition) {
            return url.substring(0, url.indexOf(";jsession"));
        }
        return url.substring(0, jsessionPosition)
            + url.substring(questionMarkPosition);
    }

So it seems that the query parameters are never removed from the URL if there is no jsession in it. Is this on purpose? Is it so that if a ticket is requested for service=http://xxx?yyy=zzz then the validation cannot be made against http://xxx ?

Thanks!
Tom

Tom Andersson

Oct 27, 2016, 2:21:13 AM
to CAS Community
Hello, I'd like to have some clarification on this, if possible. The issue still persists and I'm having trouble understanding if this is the way it's supposed to work? Any opinions?

Thank you! 
Tom

Ray Bon

Oct 27, 2016, 1:39:34 PM
to cas-...@apereo.org
Tom,

The service associated with the ST is specific. The error in your logs is there because your client is trying to validate without parameters. Either the redirect from CAS to your service after login has no parameters or your service is stripping the parameters when trying to post validation.
My money is on the client.

Ray
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C023 | rb...@uvic.ca
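
The behaviour discussed in this thread, as an added example that is not part of the original posts or of the CAS code base: it reuses the logic of the `cleanupUrl` method quoted above and runs it over constructed service URLs, then checks a ticket's service id against the URL supplied at validation. The class name `ServiceIdDemo`, the helper `sameService`, and the use of plain string equality in place of CAS's own comparison are assumptions made for illustration.

```java
public class ServiceIdDemo {

    // Same logic as the cleanupUrl method quoted in the thread.
    static String cleanupUrl(final String url) {
        if (url == null) {
            return null;
        }
        final int jsessionPosition = url.indexOf(";jsession");
        if (jsessionPosition == -1) {
            return url; // no session id present: the query string is kept
        }
        final int questionMarkPosition = url.indexOf('?');
        if (questionMarkPosition < jsessionPosition) {
            // no '?' at all, or '?' before the session id: cut at the session id
            return url.substring(0, jsessionPosition);
        }
        // session id sits before the query: drop only the session id
        return url.substring(0, jsessionPosition) + url.substring(questionMarkPosition);
    }

    // Hypothetical helper. Assumption: exact string equality stands in for
    // the comparison CAS performs between ticket service and supplied service.
    static boolean sameService(final String ticketServiceId, final String suppliedService) {
        return ticketServiceId.equals(cleanupUrl(suppliedService));
    }

    public static void main(final String[] args) {
        // Constructed sample URLs, modelled on the log line in the first post.
        final String[] requested = {
            "https://something.net/whatever?param1=value1&param2=value2",
            "https://something.net/whatever;jsessionid=ABC123?param1=value1",
            "https://something.net/whatever;jsessionid=ABC123",
            "https://something.net/whatever?next=/a;jsessionid=ABC123",
        };
        for (final String url : requested) {
            System.out.println(url + "\n  -> " + cleanupUrl(url));
        }

        // The ticket was issued for the URL with parameters.
        final String ticketServiceId = cleanupUrl(requested[0]);
        System.out.println("validate without params: "
            + sameService(ticketServiceId, "https://something.net/whatever"));
        System.out.println("validate with same params: "
            + sameService(ticketServiceId, requested[0]));
    }
}
```

In every constructed case only the session id is removed and the query string survives, so a client has to send the same service URL, parameters included, at validation as it did when requesting the ticket.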