...
By default only the hostname of password reset url is allowed to be used as the hostname for a returnurl. This behavior can be changed by setting the property returnurlreturnUrl.allowedhostnameallowedHostnames
to have a white-space separated list of allowed hostnames in file ubilogin/custom/password-reset/application.properties
. Note that when this property is set, then the hostname of the password reset url must be included or it would not be allowed.
...
Code Block | ||||
---|---|---|---|---|
| ||||
returnurlreturnUrl.allowedhostnamesallowedHostnames = sso.example.com acme.com foobaranvilcoding.com |
Changes to this file require updating tomcat (ubilogin-sso/ubilogin/config/tomcat/update.[sh|cmd]
).