Bug 1071288

Summary: IdP does not redirect back to original SP URL
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Hynek Mlnarik <hmlnarik>
Component: PicketLink
Assignee: Anil Saldhana <anil.saldhana>
Status: CLOSED CURRENTRELEASE
QA Contact: Hynek Mlnarik <hmlnarik>
Severity: high
Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified
Version: 6.3.0
CC: asaldhan, fbogyai, jcacek, kkhan, pskopek, pslavice, smumford, tfonteyn
Target Milestone: ER3
Target Release: EAP 6.3.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-06-28 15:40:07 UTC
Type: Bug
Bug Depends On: 1085522
Bug Blocks: 1051640, 1091177

Description Hynek Mlnarik 2014-02-28 12:50:41 UTC
Seen the following behaviour with PL 2.5.3.Beta2 and 2.5.3.Final in EAP 6.3.0 builds.

When accessing a service provider (SP) using a URL which does not point to the SP root, the redirects caused by IdP authentication lose part of the actual URL and only redirect back to the root of the SP. This happens in the following scenario (realized e.g. by SAML2KerberosTestCase in the AS testsuite):

1) Access the IdP directly and authenticate via Kerberos
2) Access the SP using a URL which retrieves a document in the SP context, e.g. /sp/printRoles

Actual behaviour:
- The SP root document, i.e. /sp/, is retrieved.

Expected behaviour:
- The requested document, i.e. /sp/printRoles, is retrieved.

Comment 11 Kabir Khan 2014-04-25 14:46:37 UTC
Fixed by component upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1091177

Comment 12 FIlip Bogyai 2014-05-02 14:11:53 UTC
Verified in EAP 6.3.0.ER3

Comment 13 baranowb 2014-05-07 11:07:39 UTC
*** Bug 1078342 has been marked as a duplicate of this bug. ***

Comment 14 Scott Mumford 2014-05-14 00:59:03 UTC
Marking for exclusion from 6.3.0 Beta release notes as both 'affects' and 'fix' versions are listed as 6.3.0, suggesting this was not a customer-facing issue.

Comment 15 JBoss JIRA Server 2015-04-28 15:09:11 UTC
John Doyle <jdoyle> updated the status of jira EAP6-92 to Closed