Open redirection issue with 'mod_auth_mellon'.
Issue
- mod_auth_mellon doesn't restrict open redirection and it allow opening any website after SSO.
- E.g https://host/admin/auth/login?ReturnTo=https://www.google.com&IdP=
Environment
- Red Hat Enterprise Linux 7
- mod_auth_mellon
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.