Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-3659

OAuth2 auth module uses HttpServletRequest.getRequestURL() to construct ORIG_URL cookie

    Details

    • Support Ticket IDs:

      Description

      OAuth.process

      switch (state) {
      case ISAuthConstants.LOGIN_START: {
      config.validateConfiguration();
      serverName = request.getServerName();
      String requestedURL = request.getRequestURL().toString();
      String requestedQuery = request.getQueryString();

      HttpServletRequest.getRequestURL returns protocol://hostname of the server hosting the servlet and not what's displayed on browser. So if OpenAM server is behind reverse proxy, it will return wrong URL.

        Attachments

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-3660 RedirectCallbackHander uses HttpServletRequest.getRequestURL to construct AM_REDIRECT_BACK_SERVER_URL

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-5130 OAuth2 authorization will redirect using scheme://hostname:port of OpenAM server rather than reverse proxy

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-5237 OAuth2 authorization consent page uses absolute URL in FORM tag

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sachiko Sachiko Wallace
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: