[keycloak-dev] Invalid value for iss

Bill Burke bburke at redhat.com
Wed Mar 25 10:12:41 EDT 2015


This requires changes to a lot of code.  I started doing it once until I 
realized how many files I would have to change.

On 3/25/2015 10:07 AM, Stian Thorgersen wrote:
> According to the spec 'iss' should be:
>
>    REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components
>
> However, we only use realm name. As that's invalid according to the spec (and also the same iss used for multiple KC servers) I propose we change it to:
>
>    <AUTH URL>/realms/<REALM-NAME>
>
> For example:
>
>    http://localhost:8080/realms/master
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list