ReturnUrl not prepending site name when resolving links to CFS files

Running version 12.0.2.17146

Custom plug-in created following  Single Sign-On Plugins 

When an email with an attachment goes out, the attachment URL follows the pattern:

https://sitename.com/cfs-file/__key/telligent-evolution-components-attachments/{Folderpath}/{filename}

This gets passed into an SSO login as a ReturnUrl parameter that starts at the /cfs-file/ portion of the URL and does not include the site name like every other link on the site which causes SSO to fail to return to the correct place.

Is there a setting somewhere to force the CFS to include the site name in the ReturnUrl parameter?

Is it possible to intercept the ReturnUrl and inject that in the plug-in code?



Removed
 tag
[edited by: starksk at 8:36 PM (GMT 0) on Thu, Jan 13 2022]

Parents
  • Can you verify that your custom plugin implements Telligent.Evolution.Extensibility.Security.Version2.IExternaluthenticationPlugin (and not a different/legacy plugin type)? Only this type will force return URLs to be fully qualified.

  • The version was not initially specified (just IExternalauthenticationPlugin), however specifying it to be the full string including version2 did not change the behaviour.

  • Thank you for verifying that.

    I did find the cause of the issue and have logged an issue:

    TE-17359: Redirect to CFS URL does not fully qualify URL for SSO plugins

    Planned

    Unfortunately, there is not a work-around since the SSO plugin does not have access to modify the URL prior to handling it. The remote SSO login implementation (the target of the login URL) could adjust a / prefixed URL to include the Community root URL, potentially, however.

Reply
  • Thank you for verifying that.

    I did find the cause of the issue and have logged an issue:

    TE-17359: Redirect to CFS URL does not fully qualify URL for SSO plugins

    Planned

    Unfortunately, there is not a work-around since the SSO plugin does not have access to modify the URL prior to handling it. The remote SSO login implementation (the target of the login URL) could adjust a / prefixed URL to include the Community root URL, potentially, however.

Children
  • I'm not sure that the SSO will be able to do that for us as it targets other sites, but will ask our dev team on that one.

    I know that commenting publicly on a bug target doesn't usually happen but are we looking at something that could be resolved in a patch update or are we looking at a change that would require a minor or even major version change?