Prevent proxyCallbackUrl from being rewritten by default configuration

Description

When specifying an explicit proxyCallbackUrl in Web.config:

https://app.example.com/Account/ProxyCallbackUrl?proxyResponse=true

The base path should have been /Account/ProxyCallbackUrl but instead was being rewritten as /Account/CurrentMethod where CurrentMethod could be any route the client is currently browsing. The corresponding error in cas.log then becomes:

InvalidProxyChainTicketValidationException: Invalid proxy chain: https://app.example.com/Account/Restricted?proxyResponse=true

The proposed file change effectively "scopes" the setting of the base path when and only when no CasAuthentication.CasProxyCallbackUrl has been specified and resolves the issue:

[org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] - Successfully authenticated user: jdoe

See pull request here: https://github.com/Jasig/dotnet-cas-client/pull/21

Environment

None

Activity

Show:

Matt Borja

created the Bug

February 10, 2015 at 3:46 PM

Resize issue view side panel

Details

Assignee

William G. Thompson, Jr.

Reporter

Matt Borja

Labels

Estimated End Date

Feb 10, 2015

Original estimate

Add estimate

Time tracking

No time logged

Components

CAS Protocol Support

Affects versions

NETC-1.0

Priority

Major

Created February 10, 2015 at 3:46 PM

Updated February 10, 2015 at 3:46 PM