Need to Validate The Returnurl Supplied to /idp/initiatesso So Only Valid Domains Are Available (Doc ID 2063229.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

We want to make sure that the returnurl value only redirects the user to a valid domain. This functionality is available in 
Oracle Identity Federation (OIF) 11.1.1.7 under setConfigProperty.

Reference is http://docs.oracle.com/cd/E23549_01/oim.1111/e13400/addlcfg.htm#CHDDEFFB

But our environment is 11.1.2.2.0 and I cannot find reference to equivalent functionality.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms