[OPENAM-5237] OAuth2 authorization consent page uses absolute URL in FORM tag - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 11.0.2
Fix Version/s: 11.0.3, 12.0.1, 13.0.0
Component/s: oauth2
Labels:
- EDISON
- release-notes

Target Version/s:

12.0.1
Rank:
1|hzoyjr:

Support Ticket IDs:

Description

OAuth2 authorization consent page uses absolute URL to submit user's consent feedback. This causes issues if authorization server is running behind proxy server/loadbalancer because it could retrieve wrong scheme://host:port

Attachments

Issue Links

is related to

OPENAM-3659 OAuth2 auth module uses HttpServletRequest.getRequestURL() to construct ORIG_URL cookie

Resolved

OPENAM-3660 RedirectCallbackHander uses HttpServletRequest.getRequestURL to construct AM_REDIRECT_BACK_SERVER_URL

Resolved

OPENAM-5130 OAuth2 authorization will redirect using scheme://hostname:port of OpenAM server rather than reverse proxy

Resolved

Activity

People

Assignee:

Sachiko Wallace

Reporter:

Sachiko Wallace

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

07/Dec/14 9:00 PM

Updated:

20/Nov/16 12:30 PM

Resolved:

17/Dec/14 2:20 AM