the /login url accepts a new parameter that will be combined with service parameter for the user redirection after successful login.
This should fix #194 for real - dynamically setting service_url is a partial solution, but a bad one, because with constantly changing service_urls, the tickets are constantly invalidated (because the new request's service url won't match the previous request's service url).
I'm surprised this wasn't considered in the CAS spec, but I can't find any indication there that the original authors ever considered redirecting the user to a deep url within the project; seems like their assumption was always that the user hits the home page no matter what.
I tried to do this by looking at the Referer header first; that would have been more elegant and not required the users to upgrade their CAS integration gems - but it seems that many browsers do not send the referrer as the source of redirect (or at all) when redirected via 302 status code, so unfortunately we have to be explicit about specifying this.
Aeon
commented
9 years ago
the /login url accepts a new parameter that will be combined with service parameter for the user redirection after successful login.
This should fix #194 for real - dynamically setting service_url is a partial solution, but a bad one, because with constantly changing service_urls, the tickets are constantly invalidated (because the new request's service url won't match the previous request's service url).
I'm surprised this wasn't considered in the CAS spec, but I can't find any indication there that the original authors ever considered redirecting the user to a deep url within the project; seems like their assumption was always that the user hits the home page no matter what.
I tried to do this by looking at the Referer header first; that would have been more elegant and not required the users to upgrade their CAS integration gems - but it seems that many browsers do not send the referrer as the source of redirect (or at all) when redirected via 302 status code, so unfortunately we have to be explicit about specifying this.