A SAC Web Application is defined to handle mobile application traffic.
The mobile application passes in requests with query string parameters that reference internal domains.
When going through SAC, the Application would get the following error:
"Invalid 'redirect_uri' in query parameters returned"
The redirect_uri parameter is part of the OAuth request triggered by the mobile app.
SAC.
OAuth based mobile App configured to go via SAC Web Application.
SAC could not rewrite query string parameters.
The SAC team updated the Web Application so that it can rewrite query string parameters. The following settings then needed to be configured for the query string parameters being referenced:
1. The web application involved connectivity to two SAC Web Applications. When this happens, we need to 'Link' the two applications together so that rules can be applied across both applications.
2. Add the query string parameter name to the Link translation custom rules section. In our case, the referenced URLs were passed in both the redirect_uri and redirect_url parameters, so we needed to add both to the configuration.
With many of these Web Application rewriter issues, we need to understand how the application behaves when it is accessed internally rather than through SAC. In that case, we see the following initial request:
https://cloud.teleyemen.com.ye/provisioning/authn/callback?redirect_url=https://cloud.teleyemen.com.ye/csp/gateway/portal&redirect_uri=https://cloud.teleyemen.com.ye/csp/gateway/portal
When going through the SAC Application, the response to the POST request to https://cloud.xxxx.com/SAAS/auth/saml/response (cloud.xxxx.com is the external name for the internal cmp host above) was a redirect to
https://cloud.xxxx.com/SAAS/auth/oauth2/authorize?response_type=code&state=aHR0cHM6Ly9jbG91ZC50ZWxleWVtZW4uY29tLnllL2NzcC9nYXRld2F5L3BvcnRhbA%3D%3D&client_id=provisioning-rpWr198yeUz7NgLx&redirect_uri=https%3A%2F%2Fcloud.xxxx.com%2Fprovisioning%2Fcore%2Fauthn%2Fcsp
which triggered the "Invalid 'redirect_uri' in query parameters returned" error due to the unrecognised domain.
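As an added example (not part of the original article and not SAC tooling), the Python below parses the two URLs quoted above and lists every query parameter whose value is a URL, in plain or base64 form, together with the host it points at. This is one way to find which parameter names carry host references; the function names are this example's own.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

INTERNAL_HOST = "cloud.teleyemen.com.ye"  # internal name as quoted in the article
# The two URLs quoted in the article, copied unchanged.
DIRECT_URL = ("https://cloud.teleyemen.com.ye/provisioning/authn/callback"
              "?redirect_url=https://cloud.teleyemen.com.ye/csp/gateway/portal"
              "&redirect_uri=https://cloud.teleyemen.com.ye/csp/gateway/portal")
VIA_SAC_URL = ("https://cloud.xxxx.com/SAAS/auth/oauth2/authorize?response_type=code"
               "&state=aHR0cHM6Ly9jbG91ZC50ZWxleWVtZW4uY29tLnllL2NzcC9nYXRld2F5L3BvcnRhbA%3D%3D"
               "&client_id=provisioning-rpWr198yeUz7NgLx"
               "&redirect_uri=https%3A%2F%2Fcloud.xxxx.com%2Fprovisioning%2Fcore%2Fauthn%2Fcsp")

def _host_of(value):
    """Return the host if value is an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None

def _b64_text(value):
    """Decode value as base64 UTF-8 text, or return None if it is not that."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return None

def url_bearing_params(url):
    """Map each query parameter that carries a URL to (encoding, host)."""
    found = {}
    # parse_qsl percent-decodes names and values for us.
    for name, value in parse_qsl(urlsplit(url).query):
        for encoding, candidate in (("plain", value), ("base64", _b64_text(value))):
            host = _host_of(candidate) if candidate else None
            if host:
                found[name] = (encoding, host)
                break
    return found

if __name__ == "__main__":
    for label, url in (("direct", DIRECT_URL), ("via SAC", VIA_SAC_URL)):
        for name, (enc, host) in url_bearing_params(url).items():
            side = "internal" if host == INTERNAL_HOST else "external"
            print(f"{label:8} {name:13} {enc:7} {host} ({side})")
```

On the second URL it also reports the state parameter, whose base64 value decodes to the internal portal URL.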