
Increase OAuth authorization code character limit to support Azure and others

    Details

    • Sprint:
      AM Sustaining Sprint 16
    • Support Ticket IDs:

      Description

      When trying to set up Azure as an IDP with the "OAuth 2.0 / OpenID Connect" authentication module, a "parameter code not valid" message is received on the redirect from Azure to OpenAM. It seems the following check in OAuthProxy.java is what is causing the problem:

      if (!ESAPI.validator().isValidInput(PARAM_CODE, code, "HTTPParameterValue", 512, true)) {
          OAuthUtil.debugError("OAuthProxy.toPostForm: Parameter " + PARAM_CODE
                  + " is not valid!! : " + code);
          return getError("Request not valid");
      }
      

      There is a 512 character limit on the code, but Azure is sending longer codes than that. Note that similar checks are also made in ConsumerRequest.java and OAuth.java.

      It is recommended that the limit be increased to 2000 in line with the URL length limits set in modern web browsers, or make it configurable with an advanced option.

      A ForgeRock partner has confirmed that altering the character limit to a much higher value will fix the problem with Azure.
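As an added example (not OpenAM's own code), the same ESAPI check with the maximum length read from a configurable setting instead of the hard-coded 512; the property name and the 2000 default are assumptions for this example, and the rejected value is kept out of the log:

```java
import org.owasp.esapi.ESAPI;

public final class AuthCodeValidator {

    private static final String PARAM_CODE = "code";
    // Hypothetical advanced-option key; 2000 matches the limit recommended in the ticket.
    private static final String MAX_LEN_PROPERTY = "org.forgerock.openam.oauth.code.maxlength";
    private static final int DEFAULT_MAX_LEN = 2000;

    private AuthCodeValidator() {}

    /** Reads the configured limit, falling back to the default on a missing or bad value. */
    static int configuredMaxLength() {
        String raw = System.getProperty(MAX_LEN_PROPERTY);
        if (raw == null) {
            return DEFAULT_MAX_LEN;
        }
        try {
            int value = Integer.parseInt(raw.trim());
            return value > 0 ? value : DEFAULT_MAX_LEN;
        } catch (NumberFormatException e) {
            return DEFAULT_MAX_LEN;
        }
    }

    /**
     * Validates the "code" parameter against ESAPI's HTTPParameterValue rule
     * (character whitelist) with the given maximum length. On failure only the
     * length of the value is reported, never the authorization code itself.
     */
    static boolean isValidAuthorizationCode(String code, int maxLength) {
        boolean valid = ESAPI.validator().isValidInput(PARAM_CODE, code, "HTTPParameterValue", maxLength, true);
        if (!valid) {
            int len = code == null ? 0 : code.length();
            System.err.println("Parameter " + PARAM_CODE + " is not valid (length=" + len + ", max=" + maxLength + ")");
        }
        return valid;
    }

    public static void main(String[] args) {
        // Constructed sample: a 600-character code, longer than the old 512 limit.
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 600; i++) {
            sb.append((char) ('A' + (i % 26)));
        }
        String longCode = sb.toString();
        System.out.println("512 limit accepts: " + isValidAuthorizationCode(longCode, 512));
        System.out.println("configured limit accepts: " + isValidAuthorizationCode(longCode, configuredMaxLength()));
    }
}
```

The maxLength argument is only one of two bounds ESAPI applies: the Validator.HTTPParameterValue pattern in ESAPI.properties may carry its own length quantifier, so raising the limit here without checking that pattern can still reject long codes.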

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              simon.harding Simon Harding