Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

By default only the hostname of password reset url is allowed to be used as the hostname for a returnurl. This behavior can be changed by setting the property returnurlreturnUrl.allowedhostnameallowedHostnames to have a white-space separated list of allowed hostnames in file ubilogin/custom/password-reset/application.properties. Note that when this property is set, then the hostname of the password reset url must be included or it would not be allowed.

...

Code Block
languagetext
titleubilogin/custom/password-reset/application.properties
returnurlreturnUrl.allowedhostnamesallowedHostnames = sso.example.com acme.com foobaranvilcoding.com

Changes to this file require updating tomcat (ubilogin-sso/ubilogin/config/tomcat/update.[sh|cmd]).