[ https://issues.apache.org/jira/browse/SLING-1857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1857.
--------------------------------------
Resolution: Fixed
Fixed in Rev. 1029803: Do not encode the resource path when used as the
returnTo path (this is done by the OpenID library). Likewise decoding is not
needed either. But before redirecting to the final target after validating the
OpenID response we have to include the request parameters to save them (from
the first request).
> Wrong encoding of the resource to create the returnTo parameter
> ---------------------------------------------------------------
>
> Key: SLING-1857
> URL: https://issues.apache.org/jira/browse/SLING-1857
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: OpenID Authentication 1.0.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: OpenID Authentication 1.0.2
>
>
> When setting the returnTo request parameter for the OpenID request to the
> server, the request context path (or / if empty) is prefixed to the URL
> encoded resource path. This resulting path is then URL encoded again with the
> following problematic consequences:
> * The returnTo path contains a double-slash, e.g. http://host//path/to/url
> * The actual resource path in the returnTo parameter is encoded twice
> Particularly the first problem is an issue because it prevents the correct
> authentication handler from being selected on return from the OpenID provider thus
> causing the authentication to fail. This is a real problem if the OpenID
> authentication handler is not registered to the root but somewhere below.
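
The failure mode described in the issue, as an added example that is not Sling's code or part of the original message. The helper names, the sample paths and the prefix-match model of handler selection are assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class ReturnToEncodingDemo {

    // Hypothetical helper: percent-encode each path segment, keeping "/" separators.
    static String encodePath(String path) {
        StringBuilder out = new StringBuilder();
        String[] segments = path.split("/", -1);
        for (int i = 0; i < segments.length; i++) {
            if (i > 0) out.append('/');
            out.append(URLEncoder.encode(segments[i], StandardCharsets.UTF_8)
                    .replace("+", "%20"));
        }
        return out.toString();
    }

    // Behaviour described in the issue: "/" stands in for an empty context path,
    // the encoded resource path is appended, and the result is encoded again.
    static String returnToPathAsReported(String contextPath, String resourcePath) {
        String prefix = contextPath.isEmpty() ? "/" : contextPath;
        return encodePath(prefix + encodePath(resourcePath));
    }

    // Behaviour described in the resolution: the path is passed on unencoded
    // and the OpenID library does the encoding.
    static String returnToPathAsFixed(String contextPath, String resourcePath) {
        return contextPath + resourcePath;
    }

    // Assumed, simplified model of handler selection: the handler registered at
    // handlerPath is chosen only if the request path is at or below that path.
    static boolean handlerSelected(String handlerPath, String requestPath) {
        return requestPath.equals(handlerPath)
                || requestPath.startsWith(handlerPath + "/");
    }

    public static void main(String[] args) {
        String resource = "/content/my page.html"; // constructed sample path
        String handler = "/content";               // constructed registration path

        String reported = returnToPathAsReported("", resource);
        String fixed = returnToPathAsFixed("", resource);

        System.out.println(reported + " -> selected: " + handlerSelected(handler, reported));
        System.out.println(fixed + " -> selected: " + handlerSelected(handler, fixed));
    }
}
```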