Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-3659

OAuth2 auth module uses HttpServletRequest.getRequestURL() to construct ORIG_URL cookie

    Details

    • Support Ticket IDs:

      Description

      OAuth.process

      switch (state) {
      case ISAuthConstants.LOGIN_START: {
      config.validateConfiguration();
      serverName = request.getServerName();
      String requestedURL = request.getRequestURL().toString();
      String requestedQuery = request.getQueryString();

      HttpServletRequest.getRequestURL returns protocol://hostname of the server hosting the servlet and not what's displayed on browser. So if OpenAM server is behind reverse proxy, it will return wrong URL.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sachiko Sachiko Wallace
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: