
Oracle Access Manager (OAM) Federation - A Successful Login Redirects To The "RETURNURL" Even Though It Is Not Defined In A List Of Valid Redirect Locations (Doc ID 2784069.1)

Last updated on AUGUST 23, 2021

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

A successful login redirects to the "RETURNURL" even though it is not defined in the list of valid redirect locations.

Changes

Enabled the 'returnurl' validation list.

returnurlvalidationenabled must be enabled via WLST:

putBooleanProperty("/fedserverconfig/returnurlvalidationenabled","true")

1. Enable the whitelist
putBooleanProperty("/fedserverconfig/returnurlvalidationenabled","true")

2. Make sure the whitelist does not contain the returnurl used for testing, for example
www.oracle.com

<Setting Name="returnurlvalidationenabled" Type="xsd:boolean">true</Setting>
<Setting Name="sessionreplicationenabled" Type="xsd:boolean">false</Setting>
<Setting Name="slogetenabled" Type="xsd:boolean">false</Setting>
<Setting Name="sloonlylocal" Type="xsd:boolean">false</Setting>
<Setting Name="sloparallel" Type="xsd:boolean">false</Setting>
<Setting Name="sloreturnstatus" Type="xsd:boolean">true</Setting>
<Setting Name="soapforcessl" Type="xsd:boolean">false</Setting>
<Setting Name="soaprequiresslcert" Type="xsd:boolean">false</Setting>
<Setting Name="soapsslenabled" Type="xsd:boolean">false</Setting>
<Setting Name="spenabled" Type="xsd:boolean">true</Setting>
<Setting Name="ssofailonerror" Type="xsd:boolean">true</Setting>
<Setting Name="ssolocalfailusermismatch" Type="xsd:boolean">true</Setting>
<Setting Name="useproxiedfedauthnmethodenabled" Type="xsd:boolean">false</Setting>
<Setting Name="userprovisioningenabled" Type="xsd:boolean">false</Setting>
<Setting Name="userregistrationauthnenabled" Type="xsd:boolean">false</Setting>
<Setting Name="userregistrationenabled" Type="xsd:boolean">false</Setting>
<Setting Name="ussfedtermrnienabled" Type="xsd:boolean">false</Setting>
<Setting Name="nameidformats" Type="htf:map"> </Setting>
<Setting Name="returnurlvalidationlist" Type="htf:map">
<Setting Name="1" Type="xsd:string">my.site.com</Setting>
</Setting>

 

3. Test federation
https://<OIF_SERVER_HOST:PORT>/oamfed/sp/initiatesso?providerid=<PROVIDER_ID>&returnurl=https://www.oracle.com

4. You are re-directed to www.oracle.com
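
The following is an added example, not part of the Oracle document and not Oracle code: a small audit script that reads the two settings from the configuration fragment shown in step 2 and reports the decision an administrator would expect for the returnurl used in step 3. The sample XML is constructed from that fragment and wrapped in a parent element so it parses; exact host matching is an assumption, since the page does not state how OAM compares a returnurl with the list entries.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the fragment above, wrapped in one parent
# element so that it parses as a document.
SAMPLE = """\
<Setting Name="fedserverconfig" Type="htf:map">
  <Setting Name="returnurlvalidationenabled" Type="xsd:boolean">true</Setting>
  <Setting Name="returnurlvalidationlist" Type="htf:map">
    <Setting Name="1" Type="xsd:string">my.site.com</Setting>
  </Setting>
</Setting>
"""

def load_returnurl_policy(xml_text):
    """Return (enabled, allowed_hosts) read from the Setting elements."""
    root = ET.fromstring(xml_text)
    enabled = False
    allowed = set()
    for s in root.iter("Setting"):
        name = s.get("Name")
        if name == "returnurlvalidationenabled":
            enabled = (s.text or "").strip().lower() == "true"
        elif name == "returnurlvalidationlist":
            allowed = {(c.text or "").strip().lower()
                       for c in s.findall("Setting") if (c.text or "").strip()}
    return enabled, allowed

def expected_decision(xml_text, returnurl):
    """Decision an administrator would expect for this returnurl.

    Assumption: list entries are compared with the URL's host by exact,
    case-insensitive match. The page does not state OAM's matching rule.
    """
    enabled, allowed = load_returnurl_policy(xml_text)
    if not enabled:
        return "allow (validation disabled)"
    host = (urlsplit(returnurl).hostname or "").lower()
    if host and host in allowed:
        return "allow"
    return "reject"

if __name__ == "__main__":
    for url in ("https://www.oracle.com", "https://my.site.com/app"):
        print(url, "->", expected_decision(SAMPLE, url))
```

If the script reports "reject" for the test returnurl while the server still redirects to it, the configuration matches the steps above and the behaviour is the symptom this document describes.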

Cause
