Jenkins OpenID Plugin 2.4 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
jenkins openid