- Type: Defect
- Resolution: Done
- Priority: Minor
- Affects Version/s: 1.0.0
- Component/s: Authorization, Login
The gateway.properties file defines a provider endpoint that the OpenidYadisController class should use.
However, the class computes the endpoint by simple string replacement instead.
For example:
A user submits an OpenID: http://localhost:8080/ESG-CET/myopenid/testUser (note the use of http and port 8080)
The OpenidYadisController will perform some string munging and get the following URL: https://localhost:8080/ESG-CET/openid/provider.htm (note the use of https and port 8080)
The new endpoint URL will cause exceptions in the browser and in consumer/provider communication because of the mixture of protocols (http and https).
This shouldn't be an issue in production systems, but if a gateway decides to use port numbers we would see this problem.
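The difference between the two approaches, as an added example that is not the gateway's own code: the string replacement is an assumed reconstruction that reproduces the URLs in this report, and the property key `openid.provider.endpoint`, the class name, and the method names are hypothetical.

```java
import java.net.URI;
import java.util.Properties;

public class ProviderEndpointExample {

    // Assumed reconstruction of the string replacement described in the report:
    // force https and swap the identity path for the provider path, keeping host and port.
    static String deriveByStringReplacement(String openId) {
        String base = openId.substring(0, openId.indexOf("/myopenid/"));
        return base.replaceFirst("^http://", "https://") + "/openid/provider.htm";
    }

    // Read the endpoint from configuration instead. The key name is hypothetical.
    static String fromConfiguration(Properties gatewayProperties) {
        String endpoint = gatewayProperties.getProperty("openid.provider.endpoint");
        if (endpoint == null || endpoint.isEmpty()) {
            throw new IllegalStateException("openid.provider.endpoint is not configured");
        }
        URI uri = URI.create(endpoint);
        if (uri.getScheme() == null || uri.getHost() == null) {
            throw new IllegalStateException("provider endpoint must be an absolute URL: " + endpoint);
        }
        return uri.toString();
    }

    // True when both URLs share scheme, host and port.
    static boolean sameOrigin(String a, String b) {
        URI x = URI.create(a), y = URI.create(b);
        return x.getScheme().equalsIgnoreCase(y.getScheme())
            && x.getHost().equalsIgnoreCase(y.getHost())
            && x.getPort() == y.getPort();
    }

    public static void main(String[] args) {
        // OpenID from the report: plain http on port 8080.
        String openId = "http://localhost:8080/ESG-CET/myopenid/testUser";

        // Constructed sample configuration for a gateway served over http on 8080.
        Properties props = new Properties();
        props.setProperty("openid.provider.endpoint",
                "http://localhost:8080/ESG-CET/openid/provider.htm");

        String derived = deriveByStringReplacement(openId);
        String configured = fromConfiguration(props);
        System.out.println("derived:    " + derived + " sameOrigin=" + sameOrigin(openId, derived));
        System.out.println("configured: " + configured + " sameOrigin=" + sameOrigin(openId, configured));
    }
}
```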