Affects Version/s: 14.0.0, 14.1.0, 14.1.1, 14.5.0
The policy evaluation response is incorrect if the URL query string sent for evaluation contains the unencoded string :// (i.e. as in http://example.com/test?http://test).
If the string is encoded as :%2F%2F then the response is as expected.
Note that this is a change in behaviour from previous releases - 13.5.x for example does not require such encoding.
1). Configure a policy resource, for example:
2). Send the following unencoded :// characters after the ? parameter as a POST body to http://openam.example.com:8080/AM/json/realms/root/policies?_action=evaluate
This returns (note empty actions):
3). Send the following encoded example:
This is successful:
Sending a URL parameter containing unencoded :// should evaluate as expected.
Policy evaluation does not behave as in previous releases.
Encode the :// as :%2F%2F
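
A client-side form of this workaround, as an added example that is not part of the original report or of the product's code: it encodes :// only in the query-string portion of each resource before building the body for the `_action=evaluate` call. The function names and the policy set name `iPlanetAMWebAgentService` are assumptions for illustration.

```python
import json


def encode_scheme_separator(resource: str) -> str:
    """Encode '://' as ':%2F%2F' in the query string only.

    The scheme separator before the first '?' is left alone, and a
    resource whose query is already encoded is returned unchanged.
    """
    base, sep, query = resource.partition("?")
    if not sep:
        # No query string, so nothing needs encoding.
        return resource
    return base + sep + query.replace("://", ":%2F%2F")


def build_evaluate_body(resources, application="iPlanetAMWebAgentService"):
    """Build the JSON POST body for .../policies?_action=evaluate.

    'application' is the policy set name (assumed value; use the policy
    set your policy belongs to).
    """
    return json.dumps({
        "resources": [encode_scheme_separator(r) for r in resources],
        "application": application,
    })


if __name__ == "__main__":
    # Constructed sample input taken from the report's example URL.
    print(build_evaluate_body(["http://example.com/test?http://test"]))
```
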