Open redirection issue with 'mod_auth_mellon'.
Issue
- mod_auth_mellon doesn't restrict open redirection and it allow opening any website after SSO.
- E.g https://host/admin/auth/login?ReturnTo=https://www.google.com&IdP=
Environment
- Red Hat Enterprise Linux 7
- mod_auth_mellon
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
