  1. OpenAM
  2. OPENAM-5534

OAuth2/OIDC SSL connection is based on incoming request not on the site configuration

    Details

    • Sprint:
      Sprint 79 - Team Tesla, Sprint 80 - Team Tesla

      Description

      The OAuth2/OIDC code determines whether to use an SSL connection or not based on the HTTP scheme of the incoming request. The problem with this is that the AM instance could be a part of a site where the external connection to the site is done over SSL but the request to the AM instance is over plain HTTP.

      The site configuration should be taken into consideration when determining whether to use SSL or not.


              People

              • Assignee:
                jamesphillpotts James Phillpotts
                Reporter:
                phillcunnington Phill Cunnington
              • Votes:
                0
                Watchers:
                3
