[OPENAM-3659] OAuth2 auth module uses HttpServletRequest.getRequestURL() to construct ORIG_URL cookie
Created: 18/Feb/14  Updated: 25/May/18  Resolved: 15/Apr/14

Status: Resolved
Project: OpenAM
Component/s: authentication
Affects Version/s: 11.0.0
Fix Version/s: 10.0.3, 11.0.2, 12.0.0

Type: Bug Priority: Major
Reporter: Sachiko Wallace Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to OPENAM-3660 RedirectCallbackHander uses HttpServl... Resolved
relates to OPENAM-5130 OAuth2 authorization will redirect us... Resolved
relates to OPENAM-5237 OAuth2 authorization consent page use... Resolved
Support Ticket IDs:

 Description   

OAuth.process

    switch (state) {
        case ISAuthConstants.LOGIN_START: {
            config.validateConfiguration();
            serverName = request.getServerName();
            String requestedURL = request.getRequestURL().toString();
            String requestedQuery = request.getQueryString();

HttpServletRequest.getRequestURL returns protocol://hostname of the server hosting the servlet and not what's displayed in the browser. So if the OpenAM server is behind a reverse proxy, it will return the wrong URL.
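
The mismatch described above, as an added example that is not OpenAM code: it contrasts the URL seen on the proxy-to-backend hop with a value rebuilt from configured external names. All host names, the path and the FQDN list are constructed, and checking the client-supplied host against that list is an assumption about a safe fix, not a description of what AuthClientUtils.getValidFQDNResource does.

```java
import java.util.List;
import java.util.Locale;

public class OrigUrlExample {
    // Assumption: external scheme and FQDNs come from deployment configuration, never from the request.
    static final String EXTERNAL_SCHEME = "https";
    static final List<String> VALID_FQDNS = List.of("sso.example.com", "login.example.com");

    // Models the value the report describes: scheme, host and port of the proxy-to-backend hop.
    static String backendView(String scheme, String serverName, int port, String uri) {
        boolean defaultPort = (scheme.equals("http") && port == 80)
                || (scheme.equals("https") && port == 443);
        return scheme + "://" + serverName + (defaultPort ? "" : ":" + port) + uri;
    }

    // A client-supplied host name is used only on an exact match with a configured FQDN;
    // anything else (missing, internal, unknown) falls back to the first configured name.
    static String resolveHost(String claimedHost) {
        if (claimedHost != null) {
            String h = claimedHost.trim().toLowerCase(Locale.ROOT);
            if (VALID_FQDNS.contains(h)) {
                return h;
            }
        }
        return VALID_FQDNS.get(0);
    }

    // Value to store for the redirect back after the OAuth2 round trip.
    static String origUrl(String claimedHost, String uri, String query) {
        String url = EXTERNAL_SCHEME + "://" + resolveHost(claimedHost) + uri;
        return (query == null || query.isEmpty()) ? url : url + "?" + query;
    }

    public static void main(String[] args) {
        // Constructed sample: TLS ends at the proxy, the backend listens on plain HTTP port 8080.
        String uri = "/openam/UI/Login";
        String query = "module=OAuth";
        System.out.println("backend view  : "
                + backendView("http", "am-node1.internal", 8080, uri) + "?" + query);
        System.out.println("listed host   : " + origUrl("login.example.com", uri, query));
        System.out.println("unlisted host : " + origUrl("other.example.net", uri, query));
        System.out.println("no host given : " + origUrl(null, uri, query));
    }
}
```

Running it shows the internal name and port in the backend view, while the rebuilt value only ever carries a configured external FQDN.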



 Comments   
Comment by Sachiko Wallace [ 18/Feb/14 ]

We can probably use AuthClientUtils.getValidFQDNResource to construct the correct value.

Comment by Tomas Hejret [ 16/Sep/14 ]

How to verify the bug fix?
