  1. OpenAM
  2. OPENAM-16431

goto urls are ignored unless they are added to the validation service

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 7.0.0
    • 7.0.0, 6.5.3
    • documentation
    • ForgeRock Access Management 7.0.0-SNAPSHOT Build 0f6085481caaac41ec8cf68caded1b3c8c07b72d (2020-June-25 04:00)

      Description

      Bug description

      goto URLs are ignored unless they are added to the Validation Service; this behaviour is not reflected in the documentation.

      How to reproduce the issue

      By default, AM redirects the user to the URL specified in the goto and gotoOnFail query string parameters supplied to the authentication interface during login and logout. You can increase security against possible phishing attacks through open redirect by specifying a list of valid URL resources using the Validation Service.

      https://ea.forgerock.com/docs/am/security-guide/securing-realms.html#configure-valid-goto-url-resources

      Expected behaviour

      If this behaviour is intentional, the docs should reflect it.

      Current behaviour

      goto urls are ignored unless they are added to the validation service
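
The difference between the documented default and the behaviour reported above, as an added Python example that is not AM's code and not part of the original report. The glob-style pattern matching, the `DEFAULT_SUCCESS_URL` fallback and all function names are assumptions made for illustration; the URLs are constructed samples.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

DEFAULT_SUCCESS_URL = "/am/console"  # hypothetical fallback used when goto is ignored


def normalize(goto):
    """Return scheme://host[:port]/path for an absolute http(s) URL, else None."""
    if "\\" in goto or any(ord(c) < 0x21 for c in goto):
        return None  # backslashes, whitespace and control chars parse inconsistently
    try:
        parts = urlsplit(goto)
        port = parts.port
    except ValueError:
        return None  # malformed host or port
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # relative, scheme-relative (//host) and non-web schemes
    if "@" in parts.netloc:
        return None  # userinfo such as https://trusted-host@other-host/
    netloc = parts.hostname if port is None else f"{parts.hostname}:{port}"
    return f"{parts.scheme}://{netloc}{parts.path or '/'}"


def is_listed(goto, valid_resources):
    """True if the normalized goto matches a pattern ('*' also spans '/')."""
    url = normalize(goto)
    return url is not None and any(fnmatchcase(url, p) for p in valid_resources)


def resolve(goto, valid_resources, documented_default):
    """Pick the redirect target after login.

    documented_default=True : an empty list means any goto is honoured
                              (the documentation text quoted in the report).
    documented_default=False: a goto is honoured only when it is listed
                              (the behaviour the report describes).
    """
    unrestricted = documented_default and not valid_resources
    if goto and (unrestricted or is_listed(goto, valid_resources)):
        return goto
    return DEFAULT_SUCCESS_URL
```

A pattern that ends in a wildcard directly after the host name, such as `https://app.example.com*`, also matches `https://app.example.com.evil.example/`, so list entries should end the host with `/` before any wildcard.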

              People

              cristina.herraz Cristina Herraz [X] (Inactive)
              AndrewVinall Andrew Vinall