Back to bug 1439221
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Scott Dodson | 2017-04-05 12:58:50 UTC | Status | NEW | MODIFIED |
| Tracy Rankin | 2017-04-05 16:58:30 UTC | Target Release | 3.5.1 | 3.5.0 |
| CC | trankin | |||
| Xiaoli Tian | 2017-04-06 01:39:57 UTC | Status | MODIFIED | ON_QA |
| CC | xtian | |||
| Chuan Yu | 2017-04-06 10:05:15 UTC | Status | ON_QA | VERIFIED |
| Jordan Liggitt | 2017-04-07 12:57:17 UTC | Doc Text | Cause: Redirects to OAuth approval flows used absolute URLs. Consequence: OAuth approval flows would not work when used in combination with a RequestHeaderIdentityProvider. Fix: The OAuth approval endpoint was moved to be a subpath of the authorize endpoint (https://<master>/oauth/authorize/approve) and redirects were made relative. Result: OAuth approval flows work properly when used in combination with a RequestHeaderIdentityProvider, as long as the authenticating proxy meets the following requirements: 1. The URL that proxies to https://<master>/oauth/authorize also ends with ".../authorize" (with no trailing slash) 2. Subpaths of the URL that proxies to https://<master>/oauth/authorize are also proxied (for example, "https://<master>/oauth/authorize/approve") | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| errata-xmlrpc | 2017-04-12 08:16:08 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2017-04-12 19:15:03 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-04-12 15:15:03 UTC | |||
| Eric Paris | 2017-07-24 14:11:24 UTC | Target Release | 3.5.0 |
Back to bug 1439221