[OPENAM-13109] Default org.forgerock.openam.redirecturlvalidator.maxUrlLength is too short
Created: 21/May/18  Updated: 29/Jun/18  Resolved: 29/Jun/18

Status: Closed
Project: OpenAM
Component/s: authentication
Affects Version/s: 5.5.1, 6.0.0
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Andrew Dunn [X] (Inactive)
Assignee: Unassigned
Resolution: Won't Fix
Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
Support Ticket IDs:

 Description   

Bug description

A CDSSO flow using, for example, J2EE Agent 3.5.1 with an initial URL of around 400-500 bytes long can potentially result in a goto URL of over 2000 bytes, in which case the default value of org.forgerock.openam.redirecturlvalidator.maxUrlLength is exceeded, resulting in the user being redirected to their profile page.

Is there any reason not to increase this value?

 

It will also help to have an error level log in isRedirectUrlValid():

    if (url.length() > MAX_URL_LENGTH) {
        DEBUG.message("RedirectUrlValidator.isRedirectUrlValid:"
                + " The url was length {} which is longer than the allowed maximum of {}",
                url.length(), MAX_URL_LENGTH);
        return false;
    }

 

Workaround
Set manually using org.forgerock.openam.redirecturlvalidator.maxUrlLength
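
Added example (not part of the original report and not OpenAM code): a way to measure how long goto values actually get before choosing a new maxUrlLength, by scanning access-log request lines and applying the same `length > limit` comparison as the snippet above. The log format, host names, login path, the 2000 limit and the single percent-decoding step are assumptions made for this sketch.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Assumed limit: the report only says a goto URL "of over 2000 bytes" exceeds the default.
MAX_URL_LENGTH = 2000

# Request line of a common-log-format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def goto_lengths(log_lines):
    """Yield (line_number, length) for each goto parameter in the request lines."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes once; assumed to match what the validator sees.
        for value in parse_qs(query).get("goto", []):
            yield number, len(value)


def report(log_lines, limit=MAX_URL_LENGTH):
    """Summarise goto lengths and list the entries the length check would reject."""
    lengths = list(goto_lengths(log_lines))
    return {
        "seen": len(lengths),
        "over_limit": [(n, size) for n, size in lengths if size > limit],
        "max_length": max((size for _, size in lengths), default=0),
    }


def _sample_line(goto_len):
    """Constructed log line whose decoded goto value is exactly goto_len characters."""
    base = "https://app.example.com/portal?d="
    encoded = quote(base + "x" * (goto_len - len(base)), safe="")
    return ('192.0.2.10 - - [21/May/2018:10:00:00 +0000] '
            '"GET /openam/UI/Login?realm=/&goto=' + encoded + ' HTTP/1.1" 302 -')


# Constructed sample input: three login redirects and one unrelated request.
SAMPLE_LOG = [
    _sample_line(450),
    _sample_line(2000),
    _sample_line(2350),
    '192.0.2.11 - - [21/May/2018:10:00:05 +0000] "GET /health HTTP/1.1" 200 112',
]

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The `max_length` figure gives a lower bound for the new property value; a goto of exactly the limit is accepted because the comparison is strict.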



 Comments   
Comment by Andrew Vinall [ 21/May/18 ]

Bug Triage: Andrew Dunn [X] Is there a customer ticket associated with this problem?

Comment by Jonathan Thomas [ 29/Jun/18 ]

Solution is to edit the org.forgerock.openam.redirecturlvalidator.maxUrlLength property
