How To
Archived

How do I configure a list of valid goto URL domains in OpenAM 11.0.0, 11.0.1 and 11.0.2?

Last updated Jan 5, 2021

The purpose of this article is to provide information on configuring a list of valid goto URL domains to which users can be redirected after authentication in OpenAM 11.0.0, 11.0.1 and 11.0.2. This is good practice to increase security against possible phishing attacks through open redirect. When you specify a URL domain list, the domain of the URL stated in the goto or gotoOnFail parameter must exist on the URL domain list for the user to be redirected. If you do not specify a URL domain list, all domains included in URLs specified in the goto or gotoOnFail parameter are considered valid.



Copyright and Trademarks Copyright © undefined ForgeRock, all rights reserved.