[OPENAM-6266] Allow the confirmation email URL in the Forgotten password service to be a relative path Created: 30/Jun/15  Updated: 20/Nov/16  Resolved: 25/Aug/15

Status: Resolved
Project: OpenAM
Component/s: rest
Affects Version/s: 12.0.0, 13.0.0
Fix Version/s: 12.0.3, 13.0.0

Type: Improvement Priority: Major
Reporter: Quentin CASTEL [X] (Inactive) Assignee: Quentin CASTEL [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to OPENAM-6996 The register email URL in the self re... Resolved
Sprint: Sprint 84 - Sustaining, Sustaining Sprint 11
Support Ticket IDs:


If you have two domains that point to OpenAM, you may want to have a confirmation email URL that depends of the domain where you start the request:

If you send the email from "http://rock.example.com:8080/openam/XUI/#forgotPassword/", you want to have a confirmation URL with the same domain

but you also want to be able to use it from the other domain "http://openam.example.com:8080/openam/XUI/#forgotPassword/" and therefore, having a confirmation URL that look like http://openam.example.com:8080/openam/XUI/confirm.html?confirmationId=pT1XtJ3FiKw6Ylt+WCmbs4aC32M=&tokenId=kutn6LOiia6HarCH+OXjisZyUqw=&username=demo&realm=/

Today, if you define a relative path as a confirmation URL, OpenAM doesn't append the current deployment URL.

We can imagine that the setting "/XUI/confirm.html" could be valid and represent the relative path.

Comment by Peter Major [X] (Inactive) [ 30/Jun/15 ]

Potentially the new base URL service could be utilized to improve the behavior.

Comment by Quentin CASTEL [X] (Inactive) [ 25/Aug/15 ]

Fixed in 13.0.0 r15358
Fixed in 12.0.2 r15364

Generated at Sat Oct 24 01:05:37 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.