Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

Agent (All versions) does not redirect user correctly if the redirect URL is too long

Last updated Apr 13, 2021

The purpose of this article is to provide assistance if users are not redirected by the agent as expected when the redirect URL is too long.


Symptoms

The user is redirected incorrectly when the redirect URL is too long; shortening the URL results in a successful redirection.

An error similar to the following is shown in the patternMatching debug log when this happens:

RedirectUrlValidator.isRedirectUrlValid: The url was length nnnn which is longer than the allowed maximum of 2000

Where nnnn signifies the length of the redirect URL.

Recent Changes

N/A

Causes

The maximum redirect URL that can be validated by AM is 2000 characters by default. If the length of the URL exceeds this, validation of the requested goto URL will not succeed and therefore does not redirect to the expected page.

Solution

This issue can be resolved by increasing the maximum length of the redirect URL to at least the number stated in the patternMatching debug log. This is an advanced property (org.forgerock.openam.redirecturlvalidator.maxUrlLength).

You can update this property using either the console, Amster or ssoadm:

  • Console: navigate to: Configure > Server Defaults > Advanced > org.forgerock.openam.redirecturlvalidator.maxUrlLength and enter the maximum redirect URL length that can be validated.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
    • Entity: DefaultAdvancedProperties
    • Property: org.forgerock.openam.redirecturlvalidator.maxUrlLength
  • ssoadm: enter the following command: $ ./ssoadm update-server-cfg -s default -u [adminID] -f [passwordfile] -a org.forgerock.openam.redirecturlvalidator.maxUrlLength=[length]replacing [adminID], [passwordfile] and [length] with appropriate values.
Note

You must restart the web application container in which AM runs to apply these configuration changes.

See Also

redirect_uri_mismatch error occurs after upgrading to, or installing Agents (All versions)

Agents and policies in AM

Reference › Advanced Properties

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright and TrademarksCopyright © 2021 ForgeRock, all rights reserved.
Loading...