entityId url encoding and MDUI

[bilias]

Hi,
I've implemented SSO for Shibboleth IdP (External) as per:
https://apereo.github.io/cas/6.4.x/integration/Shibboleth.html which works fine.

I'm also trying to implement
Displaying SAML MDUI as per same document, which does not work.

I've tracked the issue to be the URL thas comes to CAS. For instance:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp

If I replace entityId%3D to -> entityId=
then everything works as expected.

Is it a problem of shib-cas-authn or CAS side not being able to decode %3D correctly?

[bilias]

In advance this only happens with
shibcas.entityIdLocation = embed

setting it back to append fixes it.

code is:

`

if ("append".equalsIgnoreCase(entityIdLocation)) {
        parameterBuilders.add(new EntityIdParameterBuilder());
    }

if ("embed".equalsIgnoreCase(entityIdLocation)) {
        serviceUrl += (new EntityIdParameterBuilder().getParameterString(request, false));
    }

public String getParameterString(final HttpServletRequest request, final boolean encode) {

`

[pspaude]

Unfortunately all the various log4j and spring shell bugs have forced updates to Java applications and this fell off our radar. We're hoping to look at this soon. Just wanted to let you know we haven't forgotten this and will get a feature update or a response to this. Thanks!