- Defect
- Resolution: Done
- Minor
- 1.0.0
- None
There is a provider endpoint in the gateway.properties that should be used by the OpenidYadisController class.
However, the class is performing simple string replacement to calculate the endpoint.
For example:
A user submits an OpenID: http://localhost:8080/ESG-CET/myopenid/testUser (note the use of http and 8080)
The OpenidYadisController will perform some string munging and get the following URL: https://localhost:8080/ESG-CET/openid/provider.htm (notice the use of https and 8080)
The new endpoint URL will cause exceptions in the browser and consumer/provider communication because of the mixture of protocols (http and https).
This shouldn't be an issue in production systems, but if a gateway decides to use port numbers we would see this problem.
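The difference between the two approaches, as an added example that is not the project's own code: `mungedEndpoint` is a constructed stand-in for the string replacement described above, and `configuredEndpoint` reads the value from properties instead. The property key `openid.provider.endpoint`, the class name and both method names are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.util.Properties;

public class ProviderEndpointExample {

    // Constructed stand-in for the string replacement described in the report:
    // force https, then swap the identity path for the provider path.
    // The host and port still come from the submitted identifier.
    static String mungedEndpoint(String openId) {
        String base = openId.substring(0, openId.indexOf("/myopenid/"));
        return base.replaceFirst("^http:", "https:") + "/openid/provider.htm";
    }

    // Take the endpoint from configuration and reject values that are not
    // absolute http(s) URLs, so a bad setting is reported clearly.
    static String configuredEndpoint(Properties gateway) {
        String value = gateway.getProperty("openid.provider.endpoint"); // hypothetical key
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("provider endpoint is not configured");
        }
        URI uri = URI.create(value.trim());
        String scheme = uri.getScheme();
        boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!web || uri.getHost() == null) {
            throw new IllegalStateException("provider endpoint is not an absolute http(s) URL: " + value);
        }
        return uri.toString();
    }

    public static void main(String[] args) throws IOException {
        String openId = "http://localhost:8080/ESG-CET/myopenid/testUser";

        // Constructed gateway.properties content for a development gateway.
        Properties gateway = new Properties();
        gateway.load(new StringReader(
            "openid.provider.endpoint=http://localhost:8080/ESG-CET/openid/provider.htm\n"));

        System.out.println("derived:    " + mungedEndpoint(openId));
        System.out.println("configured: " + configuredEndpoint(gateway));
    }
}
```

With the sample input, the derived value is the https-on-8080 URL from the report, while the configured value matches the scheme and port the gateway actually serves.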