Content

Use the advanced configuration property sps.targetURLallowlist to list valid target URLs.

The value of this property is a set of comma-separated strings. Each string is a regular expression. The regular expression must not contain commas. Spaces between the strings are ignored. The default value is “.*”, which means that the appliance runtime accepts any target URL.

Example 1: Allow all URLs that start with https://

Use the following advanced configuration value. Note that there are no quotes:

https://.*

Example 2: Limit target URLs to only those with one of a specified list of hostnames:

www.app.ibm.com, www.myidp.ibm.com, (http|https)://www.app.ibm.com/.*, (http|https)://www.myidp.ibm.com/.*

• For more information on how to specify advanced configuration properties, see https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2.1/com.ibm.isam.doc/config/task/managingadvancedcfg_fed.html
• For SAML 2.0 SSO flows, you can specify a Target URL when configuring the initial URL in flows initiated by either the Identity Provider or the Service Provider. For more information, see https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2.1/com.ibm.isam.doc/config/reference/profileinitialurls.html
• For Open ID Connect flows, you can specify a Target URL when configuring the initial URL for Relying Party initiated single sign-on. For more information, see https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2.1/com.ibm.isam.doc/config/concept/con_oidc_rp_ini_endpoint.html
• In the authentication service, you can specify a Target URL when configuring the authentication service trigger URL. For more information, see https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2.1/com.ibm.isam.doc/config/task/tsk_configwgauthservice.html