[keycloak-dev] Invalid value for iss

Stian Thorgersen stian at redhat.com
Wed Mar 25 10:07:33 EDT 2015


According to the spec 'iss' should be: 

  REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components

However, we only use realm name. As that's invalid according to the spec (and also the same iss used for multiple KC servers) I propose we change it to:

  <AUTH URL>/realms/<REALM-NAME>

For example:

  http://localhost:8080/realms/master


More information about the keycloak-dev mailing list