Authentication bug: Double encoded validation in omniauth-cas
Created by: samrocketman
When I have GitLab configured with CAS through omniauth, I find that the service ticket is requested with one URL and validated against a completely different URL. It seems to be double-encoding the URL string somewhere. I don't really know Ruby, though I can kind of tell what is going on by reading through the code.
Due to the validation happening through a different, double-encoded URL, I get the response 'Invalid Ticket' from CAS. In the CAS logs it actually shows the request coming in for a ticket with one URL and the validation happening for a similar yet double-encoded URL. Since the double-encoded URL wasn't requested from CAS, it hands back 'Invalid Ticket' because the ticket was not originally requested using that double-encoded URL.
That being the case, it appears GitLab is encoding the URL before passing it to omniauth-cas, which is also encoding the URL. This is not the desired behavior.
I forgot to mention version information.
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Apache httpd 2.2.15 ProxyPass port 8080 serving SSL with http -> https redirect
/usr/local/bin/git version 1.8.4
/usr/local/bin/ruby 1.9.3p452 (2013-07-11 revision 41909) [x86_64-linux]
gitlabhq branch * 6-0-stable 6c1c284 Merge pull request #4895 from axilleas/clear-cache
omniauth-cas 1.0.2 installed via gem install omniauth-cas via the gitlab Gemfile
SELinux enabled with proper sebool settings to allow httpd ProxyPass
My $PATH is configured to have /usr/local/bin first, and I have specified /usr/local/bin/git in gitlab.yml.
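The failure described in this issue comes down to one fact about CAS: the server compares the service parameter of the /serviceValidate request byte-for-byte against the one it saw on the /login request, so a second round of percent-encoding (%3A becoming %253A) makes the ticket look like it was issued for a different service. The following Ruby script is an added example, not code from GitLab or omniauth-cas. It builds both request URLs with a single encoding, reproduces the double-encoding mistake in a deliberately buggy builder, and shows the check a maintainer can run to confirm the two service parameters match before blaming the CAS server. The CAS base URL and the GitLab callback URL are constructed placeholders.

```ruby
require 'uri'
require 'cgi'

# Assumed placeholder for the CAS server; not a real deployment.
CAS_BASE = 'https://cas.example.com/cas'.freeze

# Correct client behaviour: the service URL is percent-encoded exactly once,
# and the same encoded value is used for both the login and validate requests.
def cas_login_url(service_url)
  "#{CAS_BASE}/login?service=#{CGI.escape(service_url)}"
end

def cas_validate_url(service_url, ticket)
  "#{CAS_BASE}/serviceValidate?service=#{CGI.escape(service_url)}&ticket=#{CGI.escape(ticket)}"
end

# Reproduction of the bug in the report: a caller passes an already-encoded
# service URL and the library encodes it again, so '%' becomes '%25'.
def cas_validate_url_double_encoded(service_url, ticket)
  already_encoded = CGI.escape(service_url)
  "#{CAS_BASE}/serviceValidate?service=#{CGI.escape(already_encoded)}&ticket=#{CGI.escape(ticket)}"
end

# Return the raw (still-encoded) service parameter exactly as it sits in the
# query string. CAS compares this raw value, so we must not decode it here.
def raw_service_param(url)
  query = URI.parse(url).query || ''
  pair = query.split('&').find { |kv| kv.start_with?('service=') }
  pair&.sub('service=', '')
end

# The check to run while debugging an 'Invalid Ticket' response: do the login
# request and the validate request carry an identical service parameter?
def service_mismatch?(login_url, validate_url)
  raw_service_param(login_url) != raw_service_param(validate_url)
end

# Decode repeatedly (bounded) until the value stops changing. Useful to see
# what service URL the encoded value was originally meant to be.
def canonical_service(raw, max_rounds = 3)
  current = raw
  max_rounds.times do
    decoded = CGI.unescape(current)
    break if decoded == current
    current = decoded
  end
  current
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample callback URL; mirrors the omniauth-cas callback shape.
  service = 'https://gitlab.example.com/users/auth/cas/callback'
  ticket = 'ST-1-example'

  login = cas_login_url(service)
  good = cas_validate_url(service, ticket)
  bad = cas_validate_url_double_encoded(service, ticket)

  puts "login    service=#{raw_service_param(login)}"
  puts "validate service=#{raw_service_param(good)}  mismatch=#{service_mismatch?(login, good)}"
  puts "buggy    service=#{raw_service_param(bad)}  mismatch=#{service_mismatch?(login, bad)}"
  puts "buggy value decodes back to: #{canonical_service(raw_service_param(bad))}"
end
```

When the script's mismatch check reports true, the service parameter seen by CAS at validation time differs from the one at login time, which is exactly the condition under which CAS answers 'Invalid Ticket'; comparing the two raw values from the CAS access log is the quickest way to confirm a double-encoding problem on the client side.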