Idea ID: 2870994

Access Manager should provide "redirect after logout" where the redirect URL parameter is checked against a whitelist

Status : New Idea
2 months ago

Hi!

We are following https://www.netiq.com/documentation/access-manager-45/admin/data/bok7icl.html#b1gcfzqe to implement a redirection after successful IDP logout by adding code like

<%
String redirectURL = uh.getLogoutQueryStringParam("redirect");
if ((redirectURL != null) && (redirectURL != "")) { %>
<script>window.location.replace("<%=redirectURL%>");</script>
<% }
%>

to logoutSuccess_latest.jsp

To secure the redirection targets, a white list check (like the "Identity Provider" Redirection White List) should be possible. According to support, this is currently not possible.

best regards,
Thomas

Labels:

Configuration