Re: [cas-user] url-encoding causes "does not match supplied service" validation error

Wed, 30 Jun 2010 08:04:43 -0700 

Which CAS client are you using?


On Wed, Jun 30, 2010 at 10:55 AM, Ken Burcham <[email protected]> wrote:

> Hi everyone,
>
> We are rolling out the latest cas and have an error happening with a cilent
> that url-encodes the service parameter:
>
>
> https://cas2.mygcx.org/internal/login?service=https%3A%2F%2Fdataserver.tntkdware.com%2Fdataserver%2Ftoontown%2Fstaffportal%2Flogin.aspx%3FReturnUrl%3D%252fdataserver%252ftoontown%252fstaffportal%252fdefault.aspx&logoutCallback=https%3A%2F%2Fdataserver.tntkdware.com%2Fdataserver%2Ftoontown%2Fstaffportal%2Flogin.aspx%3FReturnUrl%3D%252fdataserver%252ftoontown%252fstaffportal%252fdefault.aspx
>
> which we then try to validate:
>
>
> https://cas2.mygcx.org/internal/serviceValidate?service=https://dataserver.tntkdware.com/dataserver/toontown/staffportal/login.aspx?ReturnUrl=/dataserver/toontown/staffportal/default.aspx&ticket=ST-11-LPrVR3IDADciCrDxbu3F-cas
>
> which gives us:
>
> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>        <cas:authenticationFailure code='INVALID_SERVICE'>
>                ticket &#039;ST-11-LPrVR3IDADciCrDxbu3F-cas&#039; does not
> match supplied service.  The original service was &#039;
> https://dataserver.tntkdware.com/dataserver/toontown/staffportal/login.aspx?ReturnUrl=%2fdataserver%2ftoontown%2fstaffportal%2fdefault.aspx&#039;
> and the supplied service was &#039;
> https://dataserver.tntkdware.com/dataserver/toontown/staffportal/login.aspx?ReturnUrl=/dataserver/toontown/staffportal/default.aspx&#039
> ;.
>        </cas:authenticationFailure>
> </cas:serviceResponse>
>
> And the two urls extracted from that error message for readability:
>
>
> https://dataserver.tntkdware.com/dataserver/toontown/staffportal/login.aspx?ReturnUrl=%2fdataserver%2ftoontown%2fstaffportal%2fdefault.aspx
>
>
> https://dataserver.tntkdware.com/dataserver/toontown/staffportal/login.aspx?ReturnUrl=/dataserver/toontown/staffportal/default.aspx
>
> The only difference which I can tell is the url-encoding...
>
> So do I need to make sure all clients don't url-encode their service
> parameter or is there something I can do to tell CAS to allow them? Or is
> this possibly a CAS bug?
>
> thanks,
>
> ken.
>
> Ken Burcham
> Damrei Web Development
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to