Oauth2 redirect to login page with wrong domain


Oauth2 redirect to login page with wrong domain

BAUCHE, VALERIE

Hi

OpenAM is configured to allow 2 domains:

mydomain.fr
mydomain.com

When I request

https://mydomain.fr/openam/

I’m redirected to

https://mydomain.fr/openam/UI/Login

When I request

https://mydomain.com/openam/

I’m redirected to

https://mydomain.com/openam/UI/Login

That’s OK!

But when I use OpenIDConnect:

https://mydomain.fr/openam/oauth2/authorize...
https://mydomain.com/openam/oauth2/authorize...

always redirect to

https://mydomain.fr/openam/UI/Login

and never to mydomain.com…

Valérie

 


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: Oauth2 redirect to login page with wrong domain

Andy Cory-2

Hi Valérie

How did you configure OpenAM to allow your 2 domains? I suspect you may be missing FQDN mappings in the advanced server properties. Something like:

com.sun.identity.server.fqdnMap[mydomain.fr]=mydomain.fr
com.sun.identity.server.fqdnMap[mydomain.com]=mydomain.com

Andy

 

 

From: <[hidden email]> on behalf of "BAUCHE, VALERIE" <[hidden email]>
Reply-To: Users <[hidden email]>
Date: Monday, 7 November 2016 at 15:45
To: Users <[hidden email]>
Subject: [OpenAM] Oauth2 redirect to login page with wrong domain

 


 





This email has been scanned for all viruses.

Please consider the environment before printing this email.

The content of this email and any attachment is private and may be privileged. If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised. If you have received this email in error please notify the sender by email and delete this message and any attachments immediately. Nothing in this email shall bind the Company or any of its subsidiaries or businesses in any contract or obligation, unless we have specifically agreed to be bound.

KCOM Group PLC is a public limited company incorporated in England and Wales, company number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE.



Re: Oauth2 redirect to login page with wrong domain

BAUCHE, VALERIE

Hi

com.sun.identity.server.fqdnMap was missing, but I added it and it still doesn’t work…

Valérie

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Andy Cory
Sent: Monday, November 07, 2016 6:26 PM
To: Users
Subject: Re: [OpenAM] Oauth2 redirect to login page with wrong domain

 


Re: Oauth2 redirect to login page with wrong domain

Andy Cory-2

Hi Valérie

 

When you are redirected from https://mydomain.com/openam/oauth2/authorize to https://mydomain.fr/openam/UI/Login, is it in one step? Or is there a redirect first to https://mydomain.fr/openam/oauth2/authorize? (Which would, for an unauthenticated user, then redirect to the .fr login page.) I’ve seen similar behaviour when I’ve configured OpenAM to handle two domains but not got it quite right – in my case it was the missing fqdnMap that was the cause. So I still think your problem may be down to misconfiguration in the way OpenAM is handling two domains, but it’s hard to be exact given that my first guess about the fqdnMap wasn’t the answer. Are both your domains pointing to the same realm using DNS aliases? Or one domain per realm? Which OpenAM version? Have you specified a Custom Login Url Template attribute for the OAuth2Provider service that specifies the .fr domain login page, by any chance?

 

 

Andy

 

From: <[hidden email]> on behalf of "BAUCHE, VALERIE" <[hidden email]>
Reply-To: Users <[hidden email]>
Date: Tuesday, 8 November 2016 at 09:58
To: Users <[hidden email]>
Subject: Re: [OpenAM] Oauth2 redirect to login page with wrong domain

 

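Andy's question in the message above (is the jump to the .fr login page one step, or does it go through https://mydomain.fr/openam/oauth2/authorize first?) can be answered from a recorded redirect chain. The following is an added example, not part of the original thread and not OpenAM code; the hop lists are constructed samples, and the function names and the `login_path` default are assumptions for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed hop lists: (requested URL, HTTP status, Location header).
ONE_STEP = [
    ("https://mydomain.com/openam/oauth2/authorize", 302,
     "https://mydomain.fr/openam/UI/Login"),
]
TWO_STEP = [
    ("https://mydomain.com/openam/oauth2/authorize", 302,
     "https://mydomain.fr/openam/oauth2/authorize"),
    ("https://mydomain.fr/openam/oauth2/authorize", 302,
     "https://mydomain.fr/openam/UI/Login"),
]
SAME_HOST = [
    ("https://mydomain.fr/openam/oauth2/authorize", 302, "/openam/UI/Login"),
]


def host_of(url):
    """Lower-cased hostname of a URL, ignoring port and userinfo."""
    return (urlsplit(url).hostname or "").lower()


def first_host_switch(hops):
    """Return (hop index, requested host, resolved target URL) for the first
    redirect that leaves the requested host, or None if none does."""
    for index, (url, status, location) in enumerate(hops):
        if not 300 <= status < 400 or not location:
            continue
        target = urljoin(url, location)  # a relative Location keeps the host
        if host_of(target) != host_of(url):
            return index, host_of(url), target
    return None


def classify(hops, login_path="/openam/UI/Login"):
    """Label a chain 'same-host', 'one-step' or 'two-step'."""
    switch = first_host_switch(hops)
    if switch is None:
        return "same-host"
    _, _, target = switch
    # one-step: the switching response already points at the login page.
    # two-step: the request is first sent to another URL on the other host.
    return "one-step" if urlsplit(target).path == login_path else "two-step"


if __name__ == "__main__":
    for name, hops in [("ONE_STEP", ONE_STEP), ("TWO_STEP", TWO_STEP), ("SAME_HOST", SAME_HOST)]:
        print(name, classify(hops), first_host_switch(hops))
```

The hop tuples can be filled in from a browser's network log with redirects preserved, one tuple per 3xx response.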

Re: Oauth2 redirect to login page with wrong domain

BAUCHE, VALERIE

Hi

Thanks for your answer!

Yes, it is one step.

The 2 domains point to the same realm.

OpenAM version is 12.0.4

No Custom Login Url Template

Valérie

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Andy Cory
Sent: Tuesday, November 08, 2016 2:31 PM
To: Users
Subject: Re: [OpenAM] Oauth2 redirect to login page with wrong domain

 
