Login Does Not Redirect to Destination URL after Login
Symptoms
Upon successful login, the server does not redirect the page to the destination but instead redirects back to the the user's customised homepage. The following appears in the atlassian-confluence.log
:
2010-05-05 08:24:24,992 WARN [WebContainer : 1159\] [atlassian.seraph.filter.BaseLoginFilter\] redirectToOriginalDestination
Redirect request to 'http://confluence.company.com/display/somespace/somepage' is not allowed. Will send user to the context
root instead.
Cause
In some installation instances, Confluence may be configured to run under different hostname aliases. For example, the server URL might be configured as:
http://confluence.local.intranet
In some network and DNS configurations, the server may be reachable via a different alias. For example:
http://confluence.company.com
The server base URL in this example is http://confluence.local.intranet
. The user is given a direct URL: http://confluence.company.com/display/somespace/somepage
. As the user is not authenticated, the server will redirect to the login page.
The default configuration for Confluence (which does not allow different base URLs) is designed to prevent malicious users from constructing URLs that would redirect to an external website after login.
This issue may also occur when you have SSL configured and don't update the server base URL to reflect the new "https" scheme. If you leave the old "http" scheme, you'll be redirected to the login page. In this case, correct the base URL.
Workaround
Before using this workaround, read Various Issues Caused when Server Base URL Does Not Match the URL Used to Access Confluence.
The workaround is to modify the <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
file and add in a redirect-policy configuration under 'security-config':
<security-config>
.....
<redirect-policy class="com.atlassian.seraph.config.DefaultRedirectPolicy">
<init-param>
<param-name>allow.any.redirect.url</param-name>
<param-value>true</param-value>
</init-param>
</redirect-policy>
</security-config>
This will override the security settings and will allow redirects to any URL external to the default context.
Resolution
Confluence currently does not support access via multiple domains. See CONF-19006 for a related feature request.
If this is not your case, check Confluence Data Center redirects to the default home instead of accessed URL after SAML login