Details
Suggestion
Resolution: Fixed
Description
By specifying the application.login.url.template property, you can allow parameters set by the RP (relying party) to appear in the URL to which users are redirected to authenticate, using the OpenID 2.0 extension namespace https://developer.atlassian.com/display/CROWDDEV/CrowdID+OpenID+extensions#CrowdIDOpenIDextensions-login-page-parameters.
For example, if CrowdID configuration includes
application.login.url.template=http://some.service.example/login?key=${key}
and if an OpenID checkid_setup request is received which includes parameters
openid.ns.ext1=https://developer.atlassian.com/display/CROWDDEV/CrowdID+OpenID+extensions#CrowdIDOpenIDextensions-login-page-parameters
openid.ext1.key=value
then users requiring authentication will be redirected to http://some.service.example/login?key=value.
The key names specified in application.login.url.template may not contain ‘}’ but are otherwise unrestricted. Values are escaped suitably for use as query parameter values before they are substituted. Parameters absent from the OpenID request are replaced with empty strings.
It should be remembered that the values substituted into the login URL template are controlled by the (potentially external) relying parties and are not necessarily to be trusted.
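The expansion described above, sketched in Python as an added example; this is not CrowdID's code, which does not appear on this page. The function names are hypothetical, and the escaping is assumed to be percent-encoding of every character outside the unreserved set.

```python
import re
from urllib.parse import quote

# Extension namespace URI quoted in the description above.
LOGIN_PARAMS_NS = ("https://developer.atlassian.com/display/CROWDDEV/"
                   "CrowdID+OpenID+extensions"
                   "#CrowdIDOpenIDextensions-login-page-parameters")
TEMPLATE = "http://some.service.example/login?key=${key}"  # from the description

# ${name}: the key name may contain anything except '}'.
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def extension_params(request):
    """Return {key: value} for openid.<alias>.<key> under the extension's alias."""
    params = {}
    for name, uri in request.items():
        if name.startswith("openid.ns.") and uri == LOGIN_PARAMS_NS:
            prefix = "openid." + name[len("openid.ns."):] + "."
            for other, value in request.items():
                if other.startswith(prefix):
                    params[other[len(prefix):]] = value
    return params


def expand_login_url(template, request):
    """Replace each ${key} with the RP-supplied value, percent-encoded."""
    params = extension_params(request)

    def substitute(match):
        value = params.get(match.group(1), "")  # absent parameter -> empty string
        return quote(value, safe="")            # assumed escaping: encode & = # / etc.

    return PLACEHOLDER.sub(substitute, template)


# Constructed checkid_setup parameters: the page's example, then an RP value
# that tries to smuggle a second query parameter and a fragment.
BENIGN = {"openid.mode": "checkid_setup",
          "openid.ns.ext1": LOGIN_PARAMS_NS, "openid.ext1.key": "value"}
HOSTILE = dict(BENIGN, **{"openid.ext1.key": "value&next=//other.example#"})

if __name__ == "__main__":
    for req in (BENIGN, HOSTILE, {"openid.mode": "checkid_setup"}):
        print(expand_login_url(TEMPLATE, req))
```

Escaping keeps an RP-supplied value inside the single query parameter the template assigns it to, but the login service at the target URL still receives RP-chosen content and has to validate it itself.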
Issue Links
- causes: CWD-4129 CrowdID v2 server does not work out of the box in the standalone distribution (Closed)
- is related to: CWD-3814 Null parameter values will break OpenID login url template expansion (Closed)
- is detailed by: CWDDEV-178