  1. OpenAM
  2. OPENAM-13109

Default org.forgerock.openam.redirecturlvalidator.maxUrlLength is too short

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 5.5.1, 6.0.0
    • Fix Version/s: None
    • Component/s: authentication

      Description

      Bug description

      A CDSSO flow using, for example, J2EE Agent 3.5.1 with an initial URL of around 400-500 bytes long can potentially result in a goto URL of over 2000 bytes, in which case the default value of org.forgerock.openam.redirecturlvalidator.maxUrlLength is exceeded, resulting in the user being redirected to their profile page.

      Is there any reason not to increase this value?

      It will also help to have an error level log in isRedirectUrlValid():

      if (url.length() > MAX_URL_LENGTH) {
          DEBUG.message("RedirectUrlValidator.isRedirectUrlValid:"
                  + " The url was length {} which is longer than the allowed maximum of {}",
                  url.length(), MAX_URL_LENGTH);
          return false;
      }

      Workaround
      Set manually using org.forgerock.openam.redirecturlvalidator.maxUrlLength
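
The length check with the error-level log the report asks for, as an added example that is not OpenAM source and not the reporter's code. The class name, the use of a JVM system property to supply the limit, and the default of 2000 (taken from the "over 2000 bytes" figure above) are assumptions.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration, not OpenAM source. Class name and the default of 2000 are assumptions.
public class RedirectLengthCheck {
    static final String MAX_LEN_PROP = "org.forgerock.openam.redirecturlvalidator.maxUrlLength";
    static final int ASSUMED_DEFAULT = 2000;
    private static final Logger LOG = Logger.getLogger(RedirectLengthCheck.class.getName());

    private final int maxUrlLength;

    RedirectLengthCheck() {
        // Assumption: the limit arrives as a JVM system property in this sketch.
        this.maxUrlLength = readLimit(System.getProperty(MAX_LEN_PROP));
    }

    // Fall back to the default on a malformed or non-positive value, so a typo in the
    // property cannot silently remove the length limit.
    static int readLimit(String raw) {
        if (raw == null) return ASSUMED_DEFAULT;
        try {
            int value = Integer.parseInt(raw.trim());
            if (value > 0) return value;
        } catch (NumberFormatException e) { /* handled below */ }
        LOG.log(Level.WARNING, "{0} is not a positive integer, using {1}",
                new Object[] {MAX_LEN_PROP, ASSUMED_DEFAULT});
        return ASSUMED_DEFAULT;
    }

    boolean isLengthAcceptable(String url) {
        if (url == null) return false; // fail closed in this sketch
        if (url.length() > maxUrlLength) {
            // Error level, so the rejection shows up without debug logging enabled.
            // Only lengths are logged: the goto value is user-supplied and may carry tokens.
            LOG.log(Level.SEVERE, "goto URL rejected: length {0} exceeds {1}={2}",
                    new Object[] {url.length(), MAX_LEN_PROP, maxUrlLength});
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        RedirectLengthCheck check = new RedirectLengthCheck();
        String shortUrl = "https://app.example.com/portal";   // constructed sample
        String longUrl = shortUrl + "?q=" + "a".repeat(2100); // constructed, over the assumed default
        System.out.println("short accepted: " + check.isLengthAcceptable(shortUrl));
        System.out.println("long accepted:  " + check.isLengthAcceptable(longUrl));
    }
}
```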

            People

            • Assignee:
              Unassigned
              Reporter:
              andrew.dunn Andrew Dunn [X] (Inactive)