  1. OpenAM
  2. OPENAM-9992

Unable to set realm DNS alias for Push auth/reg URLs

    Details

    • Sprint:
      AM Sustaining Sprint 31
    • Story Points:
      3

      Description

      When setting up a Push Authentication/Registration chain (https://backstage.forgerock.com/docs/openam/13.5/admin-guide#proc-authn-mfa-chain-push), the OpenAM-generated push registration and auth URLs (base64url decoded from the QR code) appear to be hard-coded to use the site URL + port + realm parameter. If no site exists, the server URL is used instead, i.e.

      http://lb.example.com:18080/openam/json/push/sns/message?_action=authenticate

      or

      http://openam.example.com:18080/openam/json/push/sns/message?_action=authenticate

      This is fine as long as the site/server URL is accessible externally, but in cases where the direct site/server URL is restricted for security reasons and realm DNS aliases are used for external access, the auth/reg URLs will never be accessible.

      Expected Outcome:

      Push Auth/Reg URLs should be configurable to allow realm DNS aliases.
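
A way to confirm the behaviour described above from a scanned QR payload, as an added example that is not code from OpenAM or from the reporter: it base64url-decodes every query parameter, keeps those that are http(s) URLs, and reports any whose host is not an externally published name. The QR URI scheme, the parameter names `a`, `r` and `issuer`, the register URL and the host `alias.example.com` are constructed for illustration; only the authenticate URL comes from the report.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qsl

# Authenticate URL as quoted in the report; the register URL is constructed.
AUTH_URL = "http://openam.example.com:18080/openam/json/push/sns/message?_action=authenticate"
REG_URL = "http://openam.example.com:18080/openam/json/push/sns/message?_action=register"

def b64url_decode(value):
    """Decode base64url text, restoring padding that QR payloads often omit."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)).decode("utf-8")

def sample_qr_uri():
    """Build a constructed QR payload; scheme and parameter names are hypothetical."""
    enc = lambda u: base64.urlsafe_b64encode(u.encode()).decode().rstrip("=")
    query = urlencode({"a": enc(AUTH_URL), "r": enc(REG_URL), "issuer": "Example"})
    return "example-push://register?" + query

def embedded_urls(qr_uri):
    """Return {param: url} for each query value that decodes to an http(s) URL."""
    found = {}
    for name, value in parse_qsl(urlsplit(qr_uri).query):
        try:
            decoded = b64url_decode(value)
            scheme = urlsplit(decoded).scheme
        except ValueError:
            continue  # not base64url text (for example a plain issuer name)
        if scheme in ("http", "https"):
            found[name] = decoded
    return found

def unreachable_hosts(qr_uri, external_hosts):
    """Return {param: host} for embedded URLs whose host is not in external_hosts."""
    allowed = {h.lower() for h in external_hosts}
    flagged = {}
    for name, url in embedded_urls(qr_uri).items():
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed:
            flagged[name] = host
    return flagged

if __name__ == "__main__":
    uri = sample_qr_uri()
    # alias.example.com stands in for the realm DNS alias (constructed name).
    for param, host in unreachable_hosts(uri, ["alias.example.com"]).items():
        print(f"parameter {param!r} points at {host}, not at a published alias")
```
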


              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                john.noble John Noble