Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5534

OAuth2/OIDC SSL connection is based on incoming request not on the site configuration

    Details

    • Sprint:
      Sprint 79 - Team Tesla, Sprint 80 - Team Tesla
    • Support Ticket IDs:

      Description

      When the OAuth2/OIDC code determines whether to use a SSL connection or not is based on the http scheme of the incoming request. The problem with this is that the AM instance could be a part of a site where the external connection to the site is done over SSL but the request to the AM instance is over plain HTTP.

      The site configuration should be taken into consideration when determining whether to use SSL or not.

        Attachments

          Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-3908 .well-known/openid-configuration should return endpoints as primary URL

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. OPENAM-6219 Documentation of Base URL Provider Service

          • Major - Major loss of function.
          • Resolved
          is required by

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-5438 JWT claim iss is incorrect

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

            Activity

              People

              • Assignee:
                jamesphillpotts James Phillpotts
                Reporter:
                phillcunnington Phill Cunnington
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: