-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 11.0.0
-
Component/s: authentication
-
Labels:
-
Support Ticket IDs:
OAuth.process
switch (state) {
case ISAuthConstants.LOGIN_START: {
config.validateConfiguration();
serverName = request.getServerName();
String requestedURL = request.getRequestURL().toString();
String requestedQuery = request.getQueryString();
HttpServletRequest.getRequestURL returns protocol://hostname of the server hosting the servlet and not what's displayed on browser. So if OpenAM server is behind reverse proxy, it will return wrong URL.
- relates to
-
OPENAM-3660 RedirectCallbackHander uses HttpServletRequest.getRequestURL to construct AM_REDIRECT_BACK_SERVER_URL
-
- Resolved
-
-
OPENAM-5130 OAuth2 authorization will redirect using scheme://hostname:port of OpenAM server rather than reverse proxy
-
- Resolved
-
-
OPENAM-5237 OAuth2 authorization consent page uses absolute URL in FORM tag
-
- Resolved
-