OpenAM / OPENAM-5130

OAuth2 authorization will redirect using scheme://hostname:port of OpenAM server rather than reverse proxy

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.2
    • Fix Version/s: 14.5.0, 14.1.2
    • Component/s: oauth2
    • Sprint: AM Sustaining Sprint 41, AM Sustaining Sprint 42
    • Story Points: 3
    • Needs backport: No
    • Needs QA verification: Yes
    • Functional tests: No
    • Are the reproduction steps defined?: Yes and I used the same as in the description

      Description

      When accessing /oauth2/authorize without tokenID, OpenAM server will try to redirect the user to login page using scheme://hostname:port of OpenAM server rather than reverse proxy

      Daemon Thread [http-18080-1] (Suspended (breakpoint at line 208 in OpenAMIdentityVerifier))
      OpenAMIdentityVerifier.getAuthURL(Request) line: 208
      OpenAMIdentityVerifier.redirect(Request, Response) line: 155
      OpenAMIdentityVerifier.authenticate(Request, Response) line: 140
      OpenAMIdentityVerifier.verify(Request, Response) line: 86
      AuthorizeServerResource(AbstractFlow).getAuthenticatedResourceOwner() line: 394
      AuthorizeServerResource.represent() line: 109
      NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method]
      NativeMethodAccessorImpl.invoke(Object, Object[]) line: 57
      DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43
      Method.invoke(Object, Object...) line: 606
      AuthorizeServerResource(ServerResource).doHandle(AnnotationInfo, Variant) line: 506
      AuthorizeServerResource(ServerResource).get(Variant) line: 707
      AuthorizeServerResource(ServerResource).doHandle(Variant) line: 589
      AuthorizeServerResource(ServerResource).doNegotiatedHandle() line: 649
      AuthorizeServerResource(ServerResource).doConditionalHandle() line: 348
      AuthorizeServerResource(AbstractFlow).doConditionalHandle() line: 166
      AuthorizeServerResource(ServerResource).handle() line: 952
      OAuth2FlowFinder(Finder).handle(Request, Response) line: 246
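
The report above turns on which scheme, host and port the server uses when it builds the login redirect. As an added example (not OpenAM code and not the fix shipped for this issue), the Java class below takes the proxy's address from X-Forwarded-Proto and X-Forwarded-Host only when the connection comes from a configured proxy and the host is allow-listed; the class and method names, the addresses, the hostnames and the assumption that the proxy sets those headers are all hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added illustration, not OpenAM code. Class, method and host names are hypothetical.
public class ExternalBaseUrl {

    // Returns the base URL to use for the login redirect. X-Forwarded-* values are
    // honoured only when the TCP peer is a configured proxy and the host is allow-listed.
    static String resolve(URI local, String peerAddr, Set<String> trustedProxies,
                          Set<String> allowedHosts, Map<String, String> headers) {
        String fallback = format(local.getScheme(), local.getHost(), local.getPort());
        String proto = headers.get("x-forwarded-proto");   // keys assumed lower-cased
        String fwdHost = headers.get("x-forwarded-host");
        if (!trustedProxies.contains(peerAddr) || proto == null || fwdHost == null
                || !(proto.equals("http") || proto.equals("https"))) {
            return fallback;
        }
        try {
            URI fwd = new URI(proto + "://" + fwdHost.trim());
            String host = fwd.getHost();
            // A forged or unexpected host must not steer the redirect elsewhere.
            if (host == null || !allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
                return fallback;
            }
            return format(proto, host.toLowerCase(Locale.ROOT), fwd.getPort());
        } catch (URISyntaxException e) {
            return fallback;   // malformed header: keep the server's own address
        }
    }

    static String format(String scheme, String host, int port) {
        boolean defaultPort = port == -1
                || (scheme.equals("http") && port == 80)
                || (scheme.equals("https") && port == 443);
        return scheme + "://" + host + (defaultPort ? "" : ":" + port);
    }

    public static void main(String[] args) {
        // Constructed sample values: internal listener on 18080, proxy at 10.0.0.5.
        URI local = URI.create("http://openam.internal.example:18080");
        Set<String> proxies = Set.of("10.0.0.5");
        Set<String> hosts = Set.of("sso.example.com");
        Map<String, String> hdrs = Map.of("x-forwarded-proto", "https",
                                          "x-forwarded-host", "sso.example.com");
        System.out.println(resolve(local, "10.0.0.5", proxies, hosts, hdrs));
        System.out.println(resolve(local, "203.0.113.9", proxies, hosts, hdrs));
    }
}
```

The second call in `main` uses a peer address outside the proxy list, so the forwarded headers are ignored and the server's own address is returned.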

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sachiko Sachiko Wallace