goto parameter is lost at end of the User Self-Service Forgot Password flow in OpenAM 13.0 and 13.5

Symptoms

The goto parameter that is present in the login URL, for example:

is removed after the user resets their password (using the Forgot Password link) and returns to the login page (using the Return to Login Page link).

This behavior can also be seen in SAML 2 federation where the IdP or SP initiated login URL contains parameters; when selecting the Forgot Password link on the IdP, these parameters are also lost at the end of the flow.

Recent Changes

Implemented the user self-service Forgotten Password Reset feature.

Causes

The XUI strips out the parameters from the login URL at the end of the Forgot Password flow instead of preserving them throughout the process.

Solution

This issue can be resolved by upgrading to OpenAM 13.5.1 or later; you can download this from BackStage.

See Also

Internal server error when using User Self-Service in AM 5 and 5.1

Link in Forgotten Password and User Registration emails in AM (All versions) does not work in Outlook 2007 and 2010

Related Training

N/A

Related Issue Tracker IDs

OPENAM-11057 (Global User Self Service UI does not display values)

OPENAM-10394 (RFE: Include goto URL in verification email sent during User Registration / Forgot Password flow)

OPENAM-9597 (Goto URL with multiple query string parameters incorrectly decoded)

OPENAM-9238 (USS Forgotten password flow on subrealm loses the realm)

OPENAM-9125 (The XUI needs to pass the goto=URL through whole password reset journey)

OPENAM-8998 (Completing USS Forgot Password flow results in lost goto parameter on Return to Login Page link)