RH-SSO does not validate the URL redirection to untrusted site during logout

Issue

RH-SSO does not seem to correctly validate the URL as a valid/safe url to redirect the user to. This can be seen as potential security issue.

Red Hat Single Sign-On (RH-SSO)
- 7
Logout
- Redirecting user to a different URL, by indicating in the parameter redirect_uri the fake URL to redirect the user to
- For example: http://localhost:8080/auth/realms/master/protocol/openid-connect/logout?redirect_uri=http://www.unsafewebsite.com

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)