Service URLs with semicolon-separated values in parameters are stripped right at the first semicolon when redirected after auth
When you want to access a CAS service URL containing parameters with values separated by semicolons, LemonLDAP strips the URL right at the first semicolon.
This appears only when you are not connected (because of the CAS redirection to the service URL), and it's a bug with Perl when redirecting to an unencoded URL.
Example: connecting to https://auth.example.com/cas/login?service=https://appli.example.com?param=1;2;3 leads you to https://appli.example.com?param=1 instead of https://appli.example.com?param=1;2;3
My solution to this issue was to patch my LemonLDAP instance to encode semicolons as %3B before the redirect.
In portal/IssuerDBCAS.pm (v1.4.6):
{code:perl}
@@ -608,7 +608,9 @@ sub issuerForAuthUser {
my $Sinfos;
$Sinfos->{type} = 'casService';
- $Sinfos->{service} = $service;
+ my $alt_service = $service;
+ $alt_service =~ s/;/%3B/g;
+ $Sinfos->{service} = $alt_service;
$Sinfos->{renew} = $casRenewFlag;
$Sinfos->{_cas_id} = $session_id;
$Sinfos->{_utime} = $time;
{code}
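Review bot: the `%3B` substitution is applied to the value saved as `$Sinfos->{service}` in the `casService` session record, so the stored service URL no longer matches what the client requested. If that stored value is later compared with the service URL the application presents (code not visible in this hunk), the comparison can fail for any URL containing `;`. Consider keeping `$Sinfos->{service} = $service;` and encoding only at the point where the redirect location is built. Note also that `s/;/%3B/g` rewrites every semicolon in the URL, including any in the path, not only those in parameter values.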
This behavior also appears when accessing a protected URL unauthenticated,
so the same patch in portal/Simple.pm (v1.4.6):
{code:perl}
@@ -2592,9 +2592,11 @@ sub autoRedirect {
return PE_REDIRECT;
}
else {
+ my $url_alt = $self->{urldc};
+ $url_alt =~ s/;/%3B/g;
print $self->redirect(
-status => '303 See Other',
- -location => $self->{urldc},
+ -location => $url_alt,
);
$self->quit();
}
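Review bot: only the `else` branch encodes `urldc`; the branch ending in `return PE_REDIRECT;` is untouched, so check whether it also emits `$self->{urldc}` and needs the same treatment. The lines `my $url_alt = $self->{urldc};` and `$url_alt =~ s/;/%3B/g;` duplicate the logic added to IssuerDBCAS.pm; a single shared helper would keep both redirect paths consistent and would be the place to limit the substitution to the query string, since the global replace also rewrites semicolons in the path.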
I'm neither a Perl coder nor an LL::NG specialist, so I am posting this issue and patch to be reviewed, improved and included in the next LL::NG version if relevant!