Solutions
Archived

goto parameter is lost at end of the User Self-Service Forgot Password flow in OpenAM 13.0 and 13.5

Last updated Jan 5, 2021

The purpose of this article is to provide assistance when parameters, including the goto parameter, are lost after completing the User Self-Service Forgot Password (XUI) flow in OpenAM 13.0 and 13.5. This occurs when the user clicks the Return to Login Page link.


Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

The goto parameter that is present in the login URL, for example:

http://host1.example.com:8080/openam/XUI/#login/&goto=http://forgerock.com

is removed after the user resets their password (using the Forgot Password link) and returns to the login page (using the Return to Login Page link).

This behavior can also be seen in SAML 2 federation where the IdP or SP initiated login URL contains parameters; when selecting the Forgot Password link on the IdP, these parameters are also lost at the end of the flow.

Recent Changes

Implemented the user self-service Forgotten Password Reset feature.

Causes

The XUI strips out the parameters from the login URL at the end of the Forgot Password flow instead of preserving them throughout the process.

Solution

This issue can be resolved by upgrading to OpenAM 13.5.1 or later; you can download this from BackStage.

Note

The goto parameter is retained if the user remains within the browser throughout the process, however, it is lost once the process leaves the UI. This means the goto parameter is still removed if you have email verification switched on. There is an RFE to ensure the goto parameter is retained when email verification is used: OPENAM-10394 (RFE: Include goto URL in verification email sent during User Registration / Forgot Password flow).

See Also

Internal server error when using User Self-Service in AM 5 and 5.1

Link in Forgotten Password and User Registration emails in AM (All versions) does not work in Outlook 2007 and 2010

Related Training

N/A

Related Issue Tracker IDs

OPENAM-11057 (Global User Self Service UI does not display values)

OPENAM-10394 (RFE: Include goto URL in verification email sent during User Registration / Forgot Password flow)

OPENAM-9597 (Goto URL with multiple query string parameters incorrectly decoded)

OPENAM-9238 (USS Forgotten password flow on subrealm loses the realm)

OPENAM-9125 (The XUI needs to pass the goto=URL through whole password reset journey)

OPENAM-8998 (Completing USS Forgot Password flow results in lost goto parameter on Return to Login Page link)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.