Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenIdAuthenticator may use incorrect redirect #6205

Closed
jmcc0nn3ll opened this issue Apr 21, 2021 · 0 comments · Fixed by #6211, #6265 or #6264
Closed

OpenIdAuthenticator may use incorrect redirect #6205

jmcc0nn3ll opened this issue Apr 21, 2021 · 0 comments · Fixed by #6211, #6265 or #6264
Assignees
Milestone

Comments

@jmcc0nn3ll
Copy link
Contributor

Jetty version

Jetty 10/11

Java version

OS type/version

Description

If a javascript application is running in the background of a browser (like cometd trying to connect) and the server is stopped and then started then when the user submits a request for an address within the application the openid authenticator will likely redirect to an internal cometd url instead of the original clicked link.

2021-04-21 06:34:13.497:DEBUG:oejso.OpenIdAuthenticator:qtp640363654-49: validateRequest(Request(GET http://localhost:8080/)@5cfae74f,HTTP/1.1 200 |Date: Wed, 21 Apr 2021 11:34:13 GMT<|<|,true)
...
2021-04-21 06:34:16.399:DEBUG:oejso.OpenIdCredentials:qtp640363654-32: claims { ... }
2021-04-21 06:34:16.407:DEBUG:oejso.OpenIdAuthenticator:qtp640363654-32: authenticated OpenId{User,OPENID,DefaultUserIdentity('111707093257242721596')}->http://localhost:8080/core/connect
2021-04-21 06:34:16.414:DEBUG:oejso.OpenIdAuthenticator:qtp640363654-27: Restoring original method POST for http://localhost:8080/core/connect with method GET
2021-04-21 06:34:16.415:DEBUG:oejso.OpenIdAuthenticator:qtp640363654-27: validateRequest(Request(POST http://localhost:8080/core/connect)@5cfae74f,HTTP/1.1 200 |Date: Wed, 21 Apr 2021 11:34:16 GMT<|Set-Cookie: JSESSIONID=node01w1inwnrz1uzc1oon36n09gqm21.node0; Path=/<|Expires: Thu, 01 Jan 1970 00:00:00 GMT<|<|,true)
2021-04-21 06:34:16.415:DEBUG:oejso.OpenIdAuthenticator:qtp640363654-27: auth retry SessionAuthentication@1eb39854{-,DefaultUserIdentity('111707093257242721596')}->http://localhost:8080/core/connect
2021-04-21 06:34:16.415:DEBUG:oejso.OpenIdAuthenticator:qtp640363654-27: auth SessionAuthentication@1eb39854{-,DefaultUserIdentity('111707093257242721596')}

This looks like it might be addressed with the partially implemented 'alwaysSaveUri' functionality in the jetty-openid module. Investigating.

@jmcc0nn3ll jmcc0nn3ll added this to the 10.0.x milestone Apr 21, 2021
lachlan-roberts added a commit that referenced this issue Apr 22, 2021
…nit param.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Apr 26, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue May 10, 2021
Use the OpenID state param to map to the redirect URI.
lachlan-roberts added a commit that referenced this issue May 10, 2021
Use the OpenID state param to map to the redirect URI.
lachlan-roberts added a commit that referenced this issue May 12, 2021
Use the OpenID state param to map to the redirect URI.
sbordet pushed a commit that referenced this issue May 12, 2021
Use the OpenID state param to map to the redirect URI.
lachlan-roberts added a commit that referenced this issue May 12, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue May 12, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue May 12, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
sbordet pushed a commit that referenced this issue May 12, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue May 12, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
sbordet pushed a commit that referenced this issue May 12, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment