Even and I spoke offline, and although I don't have all the details (and
something sounds odd), it currently sounds like the core problem here is
that some server program (perhaps not stock Shibboleth itself) is
unusually non-compliant in its handling of URLs.[*]
Although the problem here does not appear to be in Racket, it wouldn't
hurt to modify "net/url" to permit a verbatim HTTP request path and
query components to be specified as an optional string/bytes argument,
separate from the URL argument. (Alternatively, you could do less
aggressive "%"-encoding of the query and fragment parts of the URL than
you do for the path, although that risks breaking *different* broken
server software. And you shouldn't *have* to be less aggressive.)
[*] I have implemented support for around a dozen different
single-signon Web authentication systems (lots of organizations do it
differently, despite SAML), incidental to my consulting practice, and
usually I only run into this kind of quirky behavior when dealing with
HTTP proxies/firewalls, not with IdPs or other authentication servers.
Neil
____________________
Racket Users list:
http://lists.racket-lang.org/users
