camunda BPM / CAM-12885

URL fragment lost on redirect after initial Oauth2 login

Details

    • Bug Report
    • Resolution: Unresolved
    • L3 - Default
    • None
    • 7.13.0, 7.14.0
    • webapp
    • None

    Description

      Based on the exchange in this forum thread

      In the example discussed in the forum thread linked above, and then shown in the reproduction linked below, it is demonstrated that when integrating SSO at the container level (example: OAuth2 + Spring Security), the hash fragment of the URL is lost during the redirect after the initial login. The reproduction scenario looks something like this (using the GitHub OAuth example below):

      1. Clear any cached site data for http://localhost and https://github.com (an incognito window would also suffice)
      2. Navigate to a link deep in cockpit (e.g. http://localhost:8080/app/cockpit/default/#/process-definition/example:1:df90e1bd-35bc-11eb-815b-9ea5f5f2c29d)
      3. Browser redirects user to GitHub for login.
      4. Log in to GitHub, approve app if necessary.
      5. Browser redirects back to Cockpit
      6. User ends up at http://localhost:8080/app/cockpit/default/#/dashboard

      It appears as though the hash fragments are lost completely and Spring Security redirects to the only thing it knows about, which is the base URL (http://localhost:8080/app/cockpit/default/).

      Note: when login has taken place already, navigating to the deep link again has no issue. This remains true even if you get redirected to GitHub but never see a login page. This can be reproduced by following the same steps, but in step #1 clear only the site data for http://localhost, not https://github.com.

      Research suggests that most frontend applications need to handle hash fragments when a backend technology like Spring Security is used for SSO + redirects, as the fragment is never sent to the server to begin with.

      It is also worth noting that I have no evidence to suggest the Camunda webapps support what is being attempted here. If someone can point me in the right direction, I'd be happy to contribute a fix (or propose one) whether that's a direct contribution or plugin (I'm not sure plugins of any type are loaded early enough to produce the desired result). If nothing else, some verbiage in the documentation to indicate the shortcoming might be helpful to future community members.

      Small reproduction

      https://github.com/jgigliotti/camunda-sso-example
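
The description's point that the fragment never reaches the server, together with one client-side way to carry it across the login round trip, as an added example (not part of the original report and not Camunda or Spring Security code). It assumes an unauthenticated page that can run script before the browser leaves for the identity provider; `STASH_KEY`, `requestTarget`, `isAppRoute`, `stashFragment`, `restoreFragment` and `memoryStorage` are hypothetical names.

```javascript
// Added example. All names below are hypothetical, not part of any Camunda API.
const STASH_KEY = "postLoginFragment";
const MAX_LEN = 2048;

// What the server receives for a URL: path and query only.
// The fragment stays in the browser, so a server-side "saved request" cannot contain it.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// Accept only in-app hash routes such as "#/process-definition/<id>".
// Rejects non-strings, empty or oversized values, and control characters.
function isAppRoute(hash) {
  return typeof hash === "string" &&
    hash.length > 2 && hash.length <= MAX_LEN &&
    hash.startsWith("#/") &&
    !/[\u0000-\u001f]/.test(hash);
}

// Before the redirect to the identity provider (assumed unauthenticated page):
//   stashFragment(window.location.hash, window.sessionStorage)
function stashFragment(hash, storage) {
  if (!isAppRoute(hash)) return false;
  storage.setItem(STASH_KEY, hash);
  return true;
}

// After the login round trip. Returns the fragment to restore, or null.
// The stash is single-use and validated again on read, because any script
// running on the same origin can write to sessionStorage.
//   const h = restoreFragment(window.sessionStorage);
//   if (h) window.location.replace(location.pathname + location.search + h);
function restoreFragment(storage) {
  const hash = storage.getItem(STASH_KEY);
  storage.removeItem(STASH_KEY);
  return isAppRoute(hash) ? hash : null;
}

// In-memory stand-in for window.sessionStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

Browsers carry the original fragment across a chain of HTTP redirects whose `Location` has no fragment of its own, which is consistent with the note above that the deep link survives when GitHub never shows a login page.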


              People

                martin.stamm Martin Stamm
                jgigliotti Justin Gigliotti