漏洞
The RelayState cookie is being set when performing an SP-initiated login in an app (example: CityWorks and My Esri) that uses the ArcGIS Enterprise portal to authenticate users when Okta is the IdP and causes an IdP-initiated login to another resource that uses the cookie (like the ArcGIS Enterprise portal or ArcGIS Online) to reroute to the resource where the SP-initiated login is generated.
| 漏洞 ID 编号 | BUG-000129499 |
|---|---|
| 已提交 | March 19, 2020 |
| 上次修改时间 | March 21, 2025 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | 7.4 |
| 操作系统 | Windows OS |
| 操作系统版本 | 2016 64 Bit |
| 状态 | Will Not Be Addressed |
附加信息
The development team has considered the issue or request and concluded it will not be addressed. If this is still a concern, contact Esri Support Services.解决办法
- Add the EditThisCookie chrome extension.
- Block the RelayState cookie by adding a rule for the following information using the extension:
- Domain: organizationName.maps.arcgis.com
- Name: RelayState
- Value: any
- Clear cache and perform workflow again to be routed to ArcGIS Online instead of My Esri.
重现步骤
漏洞 ID: BUG-000129499
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序