Issue 197 in openid4java: Leaking actual server name with Reverse proxy


codesite...@google.com

May 10, 2013, 6:23:25 AM
to openid4java-...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 197 by mramas...@logitech.com: Leaking actual server name with
Reverse proxy
http://code.google.com/p/openid4java/issues/detail?id=197

What steps will reproduce the problem?
1. Set up RP behind a reverse proxy with machine name as
Machine_name.domain.com (FQDN)
2. Start an OpenID authentication request to an OpenID provider by
accessing the reverse proxy, say example.domain.com
3. You will find "Machine_name.domain.com is asking for some information
from your Google Account."



What is the expected output? What do you see instead?
It should display "example.domain.com is asking for some information from
your Google Account" instead of "Machine_name.domain.com is asking for some
information from your Google Account"

What version of the product are you using? On what operating system?
openid4java-0.9.7

Please provide any additional information below.
If the application is configured with a reverse proxy, then what security
does it provide by displaying the actual server name
(Machine_name.domain.com) to the end user?





codesite...@google.com

May 13, 2013, 7:17:11 AM
to openid4java-...@googlegroups.com

Comment #1 on issue 197 by mramas...@logitech.com: Leaking actual server
This can be solved by using Realms
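
A sketch of the approach comment #1 points to, added here and not part of the thread or of openid4java's own code: the realm and return_to are derived from a configured public URL instead of the incoming request, and return_to is checked against the realm with the OpenID 2.0 realm-matching rules. `PUBLIC_BASE`, the class and the method names are assumptions, and `machine-name.domain.com` is a constructed stand-in for the backend host.

```java
import java.net.URI;

public class PublicRealm {
    // Assumption: the public base URL is deployment configuration, not read
    // from the incoming request (which names the backend behind the proxy).
    static final String PUBLIC_BASE = "https://example.domain.com/";

    // return_to built under the public base URL.
    static String returnTo(String path) {
        return URI.create(PUBLIC_BASE).resolve(path).toString();
    }

    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    static String path(URI u) {
        String p = u.getPath();
        return (p == null || p.isEmpty()) ? "/" : p;
    }

    // OpenID 2.0 realm matching: same scheme and port, host equal (or under
    // a "*." wildcard realm), return_to path equal to or below the realm path.
    static boolean matchesRealm(String realm, String returnTo) {
        boolean wildcard = realm.contains("://*.");
        URI r = URI.create(realm.replaceFirst("://\\*\\.", "://"));
        URI u = URI.create(returnTo);
        if (r.getFragment() != null || r.getHost() == null || u.getHost() == null) return false;
        if (r.getScheme() == null || !r.getScheme().equalsIgnoreCase(u.getScheme())) return false;
        if (port(r) != port(u)) return false;
        String rh = r.getHost().toLowerCase(), uh = u.getHost().toLowerCase();
        boolean hostOk = uh.equals(rh) || (wildcard && uh.endsWith("." + rh));
        String rp = path(r), up = path(u);
        boolean pathOk = up.equals(rp) || up.startsWith(rp.endsWith("/") ? rp : rp + "/");
        return hostOk && pathOk;
    }

    public static void main(String[] args) {
        String realm = PUBLIC_BASE;
        String good = returnTo("openid/return");
        // Constructed stand-in for a request-derived URL naming the backend
        // (hyphenated, because java.net.URI does not parse "_" in a host).
        String leaked = "https://machine-name.domain.com/openid/return";
        System.out.println(good + " matches realm: " + matchesRealm(realm, good));
        System.out.println(leaked + " matches realm: " + matchesRealm(realm, leaked));
        // With openid4java, realm and good are the values to hand to
        // ConsumerManager.authenticate(discovered, returnToUrl, realm).
    }
}
```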