Problem decoding UTF-8 URI components #78
Comments
The validation URL is clearly invalid. Instead of:
it should read:
Note the different encoding: |
Yes. The request is indeed generated by |
mod_cas_auth sends the following request line:
with bytes |
Hi.
We are currently trying to migrate all our CAS enabled applications to Keycloak using keycloak-protocol-cas provider. Among those applications we have an instance of MediaWiki. Being a Swedish organisation, many user-created pages contain non-ASCII characters in their title, thus also in the URL. I.e. https://wiki.[org].se/wiki/Övervakning. If this is the first page a user accesses, they will be required to authenticate themselves and get redirected to Keycloak:
https://keycloak.[org].se/realms/[realm]/protocol/cas/login?service=https%3a%2f%2fwiki.[org].se%2fwiki%2f%C3%96vervakning
The wiki handles authentication in Apache HTTPD using mod_auth_cas (snippet with relevant VHost configuration):
After successful authentication the user is redirected back to the wiki-application where the CAS-ticket fails to validate. The following validation request gives HTTP Status 400 - Bad Request: https://keycloak.[org].se/realms/[realm]/protocol/cas/samlValidate?TARGET=https%3a%2f%2fwiki.[org].se%2fwiki%2f\xc3\x96vervakning
Keycloak logs:
[org.keycloak.protocol.cas.endpoints.SamlValidateEndpoint] (executor-thread-93) Invalid SAML1.1 token Code not valid
Other requests to the same endpoint, without UTF-8 encoded characters, validate just fine.
My guess is that TARGET request parameter gets decoded wrong.
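The following is an added example, not part of the issue thread and not code from Keycloak or mod_auth_cas. It models why the login `service` value (`%C3%96`) and the validation `TARGET` value (raw bytes `\xc3\x96`) quoted above can stop matching, and how re-escaping the raw bytes restores the match. Assumptions: the host `wiki.example.se` is a placeholder, and the server model (request line read in one charset, escapes then decoded as UTF-8) is hypothetical.

```python
from urllib.parse import quote_from_bytes, unquote

# Constructed sample values modelled on the two URLs quoted in the issue;
# wiki.example.se is a placeholder host.
LOGIN_SERVICE = b"https%3a%2f%2fwiki.example.se%2fwiki%2f%C3%96vervakning"
VALIDATE_TARGET = b"https%3a%2f%2fwiki.example.se%2fwiki%2f\xc3\x96vervakning"


def has_raw_non_ascii(value: bytes) -> bool:
    """True if the query value carries bytes >= 0x80 that were not percent-encoded."""
    return any(b >= 0x80 for b in value)


def decode_param(value: bytes, wire_charset: str) -> str:
    """Model of a server (assumption, not Keycloak's code) that reads the
    request line as `wire_charset`, then percent-decodes escapes as UTF-8."""
    return unquote(value.decode(wire_charset), encoding="utf-8")


def percent_encode_raw(value: bytes) -> str:
    """Escape only the raw non-ASCII bytes, keeping existing %XX escapes."""
    return quote_from_bytes(value, safe="%")


def service_matches(bound: bytes, presented: bytes, wire_charset: str) -> bool:
    """CAS binds a ticket to its service URL; validation must present the same one."""
    return decode_param(bound, wire_charset) == decode_param(presented, wire_charset)


if __name__ == "__main__":
    print("raw non-ASCII in TARGET:", has_raw_non_ascii(VALIDATE_TARGET))
    for charset in ("latin-1", "utf-8"):
        print(charset, repr(decode_param(VALIDATE_TARGET, charset)),
              "match:", service_matches(LOGIN_SERVICE, VALIDATE_TARGET, charset))
    print("re-encoded TARGET:", percent_encode_raw(VALIDATE_TARGET))
```

A check like `has_raw_non_ascii` on the validation request line separates a client that sends unescaped bytes from a server that mis-decodes correctly escaped ones.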