OPENAM-1858, "AMAuthCookie=" is appended to the login URL, so it always initiates a new authentication session. Unfortunately the OAuth2 module saves this as ORIG_URL, and this will cause some real problems after successful authentication at the OAuth2 Provider. When it redirects back to the ORIG_URL, AMAuthCookie will be still there and that will result in creating a new auth session and new module instance. This will result in some unexpected failures, since proxyURL won't be correctly initialized.
Steps to reproduce:
- Set up OAuth2 client module with Facebook or Google
- make this OpenAM instance a SAML IdP
- create a SAML SP instance as well
- try to do SP initiated SSO
user gets authenticated, and a SAML Assertion is sent back to the SP
user sees an Authentication Failed screen.