PUBLIC - Liferay Portal Community Edition / LPS-49739

As portal owner I want OAuth Portlet Plugin not to disclose local IP address in realm parameter

      Description

      The OAuth plugin doesn't set the realm parameter explicitly. The default realm setter uses the host name to set the realm.
      In a cloud environment where the host name is built from the server's local IP address, OAuth discloses that information to clients.
      Example:

      WWW-Authenticate: OAuth realm="http%3A%2F%2Fip-10-141-158-76.ec2.internal", oauth_problem="token_rejected"

      How to test?
      Probably we should upgrade test-oauth-portlet to test this aspect since there is no special UI tool to reveal this information.
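
One way to automate that check, as an added example that is not part of the original issue or of test-oauth-portlet: a helper that extracts the realm from a `WWW-Authenticate` value, percent-decodes it, and reports private addressing in the host. The function names, the suffix list and the `CLEAN` sample are assumptions made for this sketch.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Suffixes treated as internal-only DNS names (assumed list; extend per environment).
INTERNAL_SUFFIXES = (".internal", ".local", ".lan", ".corp")
# Host label that embeds an address, as in the reported realm (ip-A-B-C-D).
EMBEDDED_IP = re.compile(r"(?:^|[.-])ip-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})(?=\.|$)")
REALM = re.compile(r'\brealm="([^"]*)"', re.IGNORECASE)
# Header value quoted in the issue description.
REPORTED = 'OAuth realm="http%3A%2F%2Fip-10-141-158-76.ec2.internal", oauth_problem="token_rejected"'
# Constructed sample of a realm that was set explicitly to a public name.
CLEAN = 'OAuth realm="https%3A%2F%2Fportal.example.com", oauth_problem="token_rejected"'


def _is_private(text):
    """True if text is an IP literal in a private, loopback or link-local range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def realm_leaks(header_value):
    """Return the reasons the realm exposes internal addressing (empty list if none)."""
    match = REALM.search(header_value)
    if not match:
        return []
    realm = unquote(match.group(1))  # the realm arrives percent-encoded
    # Fall back to manual splitting when the realm carries no scheme.
    host = urlsplit(realm).hostname or realm.split("/")[0].split(":")[0]
    host = host.lower()
    reasons = []
    if _is_private(host):
        reasons.append("private IP literal: " + host)
    embedded = EMBEDDED_IP.search(host)
    if embedded and _is_private(".".join(embedded.groups())):
        reasons.append("private IP embedded in host name: " + ".".join(embedded.groups()))
    if host.endswith(INTERNAL_SUFFIXES):
        reasons.append("internal DNS suffix: " + host)
    return reasons


if __name__ == "__main__":
    for sample in (REPORTED, CLEAN):
        print(sample, "->", realm_leaks(sample) or "no leak found")
```

A regression test can call `realm_leaks` on the header returned for a rejected token and fail when the list is non-empty.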


                  Packages

                  Version Package
                  6.1.X EE
                  6.2.X EE
                  7.0.0 M2