Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.8.2
Affects Version/s: 5.5, 5.6.3, 5.6.4, 5.6.6
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

seraph-config.xml

<security-config>
	<parameters>
		<init-param>
			<param-name>login.url</param-name>
			<!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->
            <param-value>http://sso.example.com/?lastPage=${originalurl}</param-value>
		</init-param>

If a user is NOT authenticated via SSO and visits this Confluence link:

https://confluence.example.com/pages/viewpage.action?pageId=123456
a 302 redirect to
https://sso.example.com/?lastPage=https%3A%2F%2Fconfluence.example.com%2Fpages%2Fviewpage.action%3FpageId%3D123456 is triggered, which leads the user to the SSO login and then back to the desired Confluence page, good.

However, if the user instead visits an attachment link like:

https://confluence.example.com/download/attachments/123456/example.PNG?api=v2 a 302 redirect to
https://sso.example.com/?lastPage=%2Fdownload%2Fattachments%2F123456%2Fexample.PNG%3Fapi%3Dv2 is triggered but the server base url is missing, hence there is no way to redirect the user back to the attachment after a successfull login with SSO.

I suppose, that this is related to ~~CONF-29144~~.

Attachments

Issue Links

is related to

CONFSERVER-30930 Directly downloading an attachment will fail if not logged in

Closed

relates to

CONFSERVER-29144 Directly being linked to an attachment before logging in will redirect to a 'action not permitted' message

Closed

CONFSERVER-35249 last-updated macro doesn't display anonymous profile picture but broken image

Closed

mentioned in: Page Loading...

Activity

People

Assignee:: Xavier Sanchez

Reporter:: Tim

Votes:: 4 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 11/Dec/2014 7:58 AM

Updated:: 11/Oct/2018 8:37 AM

Resolved:: 14/May/2015 6:43 AM