Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14212

SAML redirect to login page fails if AM installed into the root context

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0, 7.0.0
    • Fix Version/s: 6.5.1, 6.5.0.2, 7.0.0
    • Component/s: SAML
    • Labels:
    • Target Version/s:
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      If AM is installed into the container root context, then when you hit /idpssoinit to being a SAML flow the redirect to the AM login UI fails because an incorrect redirect is generated.

      How to reproduce the issue

      1. Install AM into the container root context
      2. Configure SAML with a hosted IDP and remote SP
      3. Start an SSO flow using /idpssoinit (or idpSSOInit.jsp)
      Expected behaviour

      User is redirected to /UI/Login and then to the XUI to login.

      Current behaviour

      User is redirected to /idpssoinit/UI/Login or /saml2/UI/Login if using the JSP directly.

      Work around

      Explicitly configure the AuthUrl in the IDP settings (under Assertion Processing) to the full login URL.

      Code analysis

      com.sun.identity.saml2.profile.IDPSSOUtil#getAuthenticationServiceURL
      String uri = request.getRequestURI();
String deploymentURI = uri;
int firstSlashIndex = uri.indexOf("/");
int secondSlashIndex = uri.indexOf("/", firstSlashIndex + 1);
if (secondSlashIndex != -1) {
    deploymentURI = uri.substring(0, secondSlashIndex);
}

      This code assumes that there is a non-empty context path between the first two slashes in the URL. When deployed into the context root this is not true as the context path is empty.

        Attachments

          Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-14397 Integrated SAML2 fails when AM is deployed in the root context

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-14656 SAML redirect to login page on SP side fails if AM installed into the root context

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                neil.madden Neil Madden
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0h
                  0h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h
                  1h