Workaround to OIDC link handling added in v51.0?

In reference to the wildcard URI change made in v51.0

Our IDP (F5 APM) does not support having a wildcard in the redirect URI. They are referring to this IETF article as justification for not allowing the wildcard.

Is there any workaround possible other than adding the wildcard into the URI?

Per support from our IDP provider (F5 APM, https://www.f5.com/) the method used that requires the wildcard entry on the redirect URI violates RFC and is a security risk.

RFC6749 section 3.1.2.2 is what the wildcard is in violation of

RFC6749 section 4.1.1 describes a ‘state’ parameter that should be used instead.

Is there any workaround provided from SearchGuard for this?
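
The approach the RFC sections cited above point to, as an added example that is not part of the original posts and is not Search Guard's code: the client registers one exact redirect URI at the IdP and carries the originally requested page in a signed `state` value. The hostnames, callback path, client id and function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed value: the single redirect URI registered verbatim at the IdP (no wildcard).
const REDIRECT_URI = 'https://kibana.example.com/auth/callback';
const STATE_KEY = crypto.randomBytes(32); // assumption: one process; share the key across nodes otherwise

function sign(payload) {
  return crypto.createHmac('sha256', STATE_KEY).update(payload).digest('base64url');
}

// Accept only same-origin relative paths as the post-login target (blocks open redirects).
function safeNextPath(next) {
  const ok = typeof next === 'string' && next.startsWith('/') &&
    !next.startsWith('//') && !next.includes('\\');
  return ok ? next : '/';
}

// Build the authorization request; the deep link travels in `state`, not in redirect_uri.
function buildAuthRequest(authorizeEndpoint, clientId, requestedPath) {
  const nonce = crypto.randomBytes(16).toString('base64url');
  const body = JSON.stringify({ n: nonce, next: safeNextPath(requestedPath) });
  const payload = Buffer.from(body).toString('base64url');
  const state = `${payload}.${sign(payload)}`;
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId,
    redirect_uri: REDIRECT_URI, scope: 'openid', state,
  }).toString();
  return { url: url.toString(), state, nonce }; // keep nonce in the user's session
}

// Validate the callback: fixed path, intact MAC, state bound to this session.
function handleCallback(callbackUrl, sessionNonce) {
  const cb = new URL(callbackUrl);
  if (cb.origin + cb.pathname !== REDIRECT_URI) throw new Error('unexpected callback URI');
  const [payload, mac] = (cb.searchParams.get('state') || '').split('.');
  if (!payload || !mac) throw new Error('missing state');
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('state was modified');
  }
  const { n, next } = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (n !== sessionNonce) throw new Error('state does not belong to this session');
  return { code: cb.searchParams.get('code'), next: safeNextPath(next) };
}
```
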

Same situation here! :expressionless: :expressionless: :expressionless:

We are looking into this ATM; however, this will take a few more days. We will update you as soon as we have news on this.


A quick heads-up: We just released a new version of Search Guard which fixes the issue: