  1. OpenAM
  2. OPENAM-10624

Support validation of arbitrary scheme goto URLs

      Description

      The validation service and the list of valid goto URL domains should support arbitrary scheme redirects, e.g. when accessing /UI/Login?goto=myscheme://test.com we should be able to validate the goto URL correctly. This is necessary to better support mobile applications (not always http or https).

      Currently sending a non-http scheme as the goto leaves the user on the 'You have been logged out' page.

      14.0 XUI syntax examples:

      http scheme:

      http://openam.example.com:8080/OpenAM-14.0.0/XUI/#logout/&goto=http://test.com

      Redirects as expected.

      Non-http scheme:

      http://openam.example.com:8080/OpenAM-14.0.0/XUI/#logout/&goto=myscheme://test.com

      Leaves the user on the 'You have been logged out' page.
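
One way a goto check could treat custom schemes the same way as http, shown as an added example (not OpenAM code and not from the reporter). The allow-list entries, the function names and the scheme/host/port matching rule are assumptions made for illustration:

```javascript
// Added illustration, not OpenAM code. Entry format and matching rule are assumptions.
const ALLOWED_GOTO = [
  "http://test.com",      // constructed sample entries
  "myscheme://test.com",
];

// Schemes that run or embed content rather than hand off to a host or app.
const BLOCKED_SCHEMES = new Set(["javascript:", "data:", "vbscript:", "file:", "blob:"]);

// Reduce a URL to the scheme/host/port triple that gets compared.
// Returns null for anything that must never be used as a redirect target.
function gotoKey(raw) {
  let url;
  try {
    url = new URL(raw);   // throws on relative or malformed input
  } catch {
    return null;
  }
  if (BLOCKED_SCHEMES.has(url.protocol)) return null;
  // "myscheme:test.com" parses, but has no authority to match against.
  if (!url.hostname) return null;
  // "myscheme://test.com@other.example/" really targets other.example.
  if (url.username || url.password) return null;
  // The parser lowercases the scheme; custom-scheme hosts are left as typed.
  const host = url.hostname.toLowerCase();
  const port = url.port ? ":" + url.port : "";
  return `${url.protocol}//${host}${port}`;
}

const allowedKeys = new Set(ALLOWED_GOTO.map(gotoKey));

// True only when scheme, host and port all match an allow-list entry.
function isValidGoto(raw) {
  const key = gotoKey(raw);
  return key !== null && allowedKeys.has(key);
}
```

Because the scheme is part of the comparison key, allowing `myscheme://test.com` does not implicitly allow `https://test.com` or any other scheme on the same host.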

              People

              • Assignee:
                Unassigned
                Reporter:
                andy.itter Andy Itter