Login Does Not Redirect to Destination URL after Login

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

Upon successful login, the server does not redirect the page to the destination but instead redirects back to the the user's customised homepage. The following appears in the atlassian-confluence.log:

2010-05-05 08:24:24,992 WARN [WebContainer : 1159\] [atlassian.seraph.filter.BaseLoginFilter\] redirectToOriginalDestination 
Redirect request to 'http://confluence.company.com/display/somespace/somepage' is not allowed. Will send user to the context 
root instead.

Cause

In some installation instances, Confluence may be configured to run under different hostname aliases. For example, the server URL might be configured as:

http://confluence.local.intranet

In some network and DNS configurations, the server may be reachable via a different alias. For example:

http://confluence.company.com

The server base URL in this example is http://confluence.local.intranet. The user is given a direct URL: http://confluence.company.com/display/somespace/somepage. As the user is not authenticated, the server will redirect to the login page.
The default configuration for Confluence (which does not allow different base URLs) is designed to prevent malicious users from constructing URLs that would redirect to an external website after login.

This issue may also occur when you have SSL configured and don't update the server base URL to reflect the new "https" scheme. If you leave the old "http" scheme, you'll be redirected to the login page. In this case, correct the base URL.

Workaround

The workaround is to modify the <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml file and add in a redirect-policy configuration under 'security-config':

<security-config>

.....

    <redirect-policy class="com.atlassian.seraph.config.DefaultRedirectPolicy">
         <init-param>
          <param-name>allow.any.redirect.url</param-name>
           <param-value>true</param-value>
         </init-param>
   </redirect-policy>

</security-config>

This will override the security settings and will allow redirects to any URL external to the default context.

Resolution

Confluence currently does not support access via multiple domains. See CONF-19006 for a related feature request.

Last modified on May 15, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.