Wrong encoding of the resource to create the returnTo parameter
---------------------------------------------------------------
Key: SLING-1857
URL: https://issues.apache.org/jira/browse/SLING-1857
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: OpenID Authentication 1.0.0
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: OpenID Authentication 1.0.2
When setting the returnTo request parameter for the OpenID request to the
server, the request context path (or / if empty) is prefixed to the URL encoded
resource path. This resulting path is then URL encoded again with the following
problematic consequences:
* The returnTo path contains a double-slash, e.g. http://host//path/to/url
* The actual resource path in the returnTo parameter is encoded twice
Particularly the first problem is an issue because it prevents the correct
authentication handler from being selected on return from the OpenID provider, thus
causing the authentication to fail. This is a real problem if the OpenID
authentication handler is not registered to the root but somewhere below.
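The two consequences described in this issue, reproduced as an added Python model; it is not Sling's code and not part of the original report. The function names, the host, the sample resource path and the longest-prefix handler selection are assumptions made for illustration.

```python
import re
from urllib.parse import quote, unquote, urlsplit

def buggy_return_to(base, context_path, resource_path):
    """Model of the construction described in the issue (assumed, not Sling's code)."""
    encoded = quote(resource_path, safe="/")         # first encoding of the resource path
    prefix = context_path or "/"                     # "/" is used when the context path is empty
    return base + quote(prefix + encoded, safe="/")  # joined path is encoded a second time

def fixed_return_to(base, context_path, resource_path):
    """Join the raw paths first, then encode exactly once."""
    return base + quote(context_path + resource_path, safe="/")

def return_to_problems(url):
    """Regression check: flag the two symptoms named in the issue."""
    path = urlsplit(url).path
    problems = []
    if "//" in path:
        problems.append("double-slash")
    if re.search(r"%25[0-9A-Fa-f]{2}", path):        # "%25" + hex pair = an encoded escape
        problems.append("double-encoded")
    return problems

def handler_for(url, registrations):
    """Hypothetical handler selection: longest registered path prefix wins."""
    path = unquote(urlsplit(url).path)
    matches = [p for p in registrations
               if path == p or path.startswith(p.rstrip("/") + "/")]
    return max(matches, key=len, default=None)

if __name__ == "__main__":
    # Constructed sample: empty context path, handler registered below the root.
    handlers = ["/content/secure"]
    for build in (buggy_return_to, fixed_return_to):
        url = build("http://host", "", "/content/secure/my page")
        print(build.__name__, url, return_to_problems(url), handler_for(url, handlers))
```

With a non-empty context path the model produces no double slash, but the resource path is still encoded twice, so both checks are worth keeping in a regression test.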