What steps will reproduce the problem?
1. get a random session token from PWM
2. follow the redirect to validate your client
3. the session token after the redirect will be filtered if it contains the
string "href"
What version of PWM are you using?
trunk
Please paste any error log messages below:
The session validation token contains the keyword “href” which is
considered malicious by the input validator, therefore the input is discarded
before the session validator can process it and the user ends in a redirect
loop.
2015-03-06 07:55:39, WARN , pwm.Validator, removing potentially malicious
string values from input, converting
'vUzSjfRR2RNB2tHReFJnzKhmwNJw25nt14bedde39f2' newValue='
pattern='(?s)(?i).href.'
Original issue reported on code.google.com by thijshou...@gmail.com on 24 Jun 2015 at 1:11
Original issue reported on code.google.com by
thijshou...@gmail.comon 24 Jun 2015 at 1:11