Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-2616

Zero page login restriction is too strong

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.2, 11.0.0
    • Fix Version/s: 10.0.2, 11.0.0
    • Component/s: authentication
    • Labels:
      None
    • Rank:
      1|hznynj:

      Description

      It seems that this now fails too:

      curl -d "IDToken1=demo&IDToken2=changeit" http://das.example.com:18080/auth/UI/Login
      

      The original purpose of this feature was to prevent GET requests containing passwords, but the above POST now fails as well. This could cause troubles for example if you clear your cookies and try to submit the login page.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              peter.major Peter Major [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: