Affects Version/s: 126.96.36.199, 188.8.131.52, 184.108.40.206
Fix Version/s: 220.127.116.11
In an AM/IDM 6.5 fullstack environment where social authentication is used and provisioning is delegated to IDM, if an arbitrary redirect_uri is sent during the initiation of the flow then the flow completes but instead of being directed to the redirect_uri value the user is instead directed to the IDM 6.5 end-user UI.
This is reportedly a regression in behaviour from that in IDM 5.x.
Initial setup - follow the documentation:
1). Set up IDM 18.104.22.168 (also tested with 22.214.171.124) and AM 126.96.36.199
2). Configure IDM and AM for fullstack and then configure for social IDP so that IDM is responsible for account creation. Use Google for this scenario. For user registration don't enable email verification or KBA options to keep the flow simple although these options should be verified as part of the resolution to this issue.
3). Verify the flow works as expected: access IDM, be redirected to AM, choose the Google icon, authentication to Google and then the flow should end up on the IDM end-user UI where the account is provisioned with the details from Google.
1). Instead of initiating the flow from the IDM UI, paste the following URL into the browser (adjusting where necessary):
...note the presence of the arbitrary redirect_uri.
2). On the presented AM login page again choose the Google option and watch as the flow completes however instead of ending at the arbitrary redirect specified in the initial request the flow again ends on the end-user UI which is the value set in the authentication.json file as: