OpenAM / OPENAM-3252

LoginServlet reroute logic should consider AMAuthCookie as request parameter


      Description

      Imagine the following scenario:

      • the user submits a SAML AuthnRequest to server1; the iPDP cookie is empty, but the AMAuthCookie has a value (i.e. the user has an authentication session, for example because of opening the login screen previously)
      • the AMAuthCookie points to server2, hence the LoginServlet forwards the request to server1. The authentication occurs, but afterwards server1 tries to resolve the SAML request, which was sent to server2 initially, so it results in the "Unable to get AuthnRequest" error.

      A similar approach to OPENAM-1858 needs to be considered, i.e. the AMAuthCookie from the request parameter should take precedence over the cookie value, thereby preventing unwanted request proxying.
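
The precedence rule requested above, sketched as an added example (not OpenAM source code and not part of the original report). The class and method names, the `serverId.opaque` session ID layout and the sample values are hypothetical, and the example assumes the request parameter carries a session owned by the server that received the request.

```java
import java.util.Map;

// Added illustration, not OpenAM source. Names and the "serverId.opaque"
// session ID layout are hypothetical; real OpenAM session IDs differ.
public class RerouteDecision {
    static final String AUTH_COOKIE = "AMAuthCookie";

    // Cookie-only lookup: the behaviour the issue asks to change.
    static String fromCookieOnly(Map<String, String> cookies) {
        return cookies.get(AUTH_COOKIE);
    }

    // Requested behaviour: a non-empty request parameter wins over the cookie.
    static String paramFirst(Map<String, String> params, Map<String, String> cookies) {
        String fromParam = params.get(AUTH_COOKIE);
        if (fromParam != null && !fromParam.isEmpty()) {
            return fromParam;
        }
        return cookies.get(AUTH_COOKIE);
    }

    // Server that owns the authentication session, or null if there is none.
    static String owner(String sessionId) {
        if (sessionId == null) return null;
        int dot = sessionId.indexOf('.');
        return dot > 0 ? sessionId.substring(0, dot) : null;
    }

    // Forward only when a session exists and another server owns it.
    static boolean mustForward(String localServer, String sessionId) {
        String o = owner(sessionId);
        return o != null && !o.equals(localServer);
    }

    public static void main(String[] args) {
        String local = "server1";
        // Constructed request: stale cookie from another server, parameter from this one.
        Map<String, String> cookies = Map.of(AUTH_COOKIE, "server2.staleAuthSession");
        Map<String, String> params = Map.of(AUTH_COOKIE, "server1.currentAuthSession");

        System.out.println("cookie only : forward=" + mustForward(local, fromCookieOnly(cookies)));
        System.out.println("param first : forward=" + mustForward(local, paramFirst(params, cookies)));
        // No parameter present: fall back to the cookie, as before.
        System.out.println("no parameter: forward=" + mustForward(local, paramFirst(Map.of(), cookies)));
    }
}
```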


              People

              Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              peter.major Peter Major [X] (Inactive)