Details
Details
Assignee
William G. Thompson, Jr.
William G. Thompson, Jr.Reporter
Matt Borja
Matt BorjaLabels
Estimated End Date
Feb 10, 2015
Original estimate
Add estimate
Time tracking
No time logged
Components
Affects versions
Priority
Created February 10, 2015 at 3:46 PM
Updated February 10, 2015 at 3:46 PM
When specifying an explicit proxyCallbackUrl in Web.config:
https://app.example.com/Account/ProxyCallbackUrl?proxyResponse=true
The base path should have been /Account/ProxyCallbackUrl but instead was being rewritten as /Account/CurrentMethod where CurrentMethod could be any route the client is currently browsing. The corresponding error in cas.log then becomes:
InvalidProxyChainTicketValidationException: Invalid proxy chain: https://app.example.com/Account/Restricted?proxyResponse=true
The proposed file change effectively "scopes" the setting of the base path when and only when no CasAuthentication.CasProxyCallbackUrl has been specified and resolves the issue:
[org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] - Successfully authenticated user: jdoe
See pull request here: https://github.com/Jasig/dotnet-cas-client/pull/21