[keycloak-dev] Redirect urls are not taking into account default ports

Stian Thorgersen sthorger at redhat.com
Mon Nov 11 10:11:59 EST 2019


Redirect URIs should not include default ports, so this is an issue in the
testsuite and not something we should have a workaround for in Keycloak
itself.

On Mon, 11 Nov 2019 at 14:37, Michal Hajas <mhajas at redhat.com> wrote:

> Hi all,
>
> during testing of OpenShift + Keycloak with Vlasta, we encountered some
> port problems with our testsuite. The thing is that our testsuite almost
> always counts on some port in redirect URIs. The problem is when
> Keycloak is running on port 80, because the browser sometimes removes this
> port, which results in a failure because Keycloak expects the URL including
> the port.
>
> One solution is to double the redirect URLs (with and without port) in realms
> in the testsuite. This is something we already started to work on and have some
> working test classes already. However, before changing it everywhere we
> would like to confirm that Keycloak is behaving correctly and should refuse
> a redirect URI if it differs only in in/excluding port 80 from the URL
> specified in the realm.
>
> Example:
> 1. Client contains valid redirect url: http://DOMAIN:80/CONTEXT
> 2. You open login page with redirect_uri=http://DOMAIN/CONTEXT
> 3. Should Keycloak refuse such a login with the error page: "Invalid parameter:
> redirect_uri"?
>
> Michal


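The mismatch discussed in this thread, as an added example (not part of the original messages and not Keycloak or testsuite code): URL parsing per the WHATWG URL standard, which browsers and Node.js implement, drops a port equal to the scheme default, so an exact-match check against a registered URI containing `:80` fails. The host `app.example.test`, all function names and the exact-match model of the server check are assumptions for illustration.

```javascript
// Constructed sample data; the host name is a placeholder.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// What a WHATWG-compliant client sends after parsing the URI:
// a port equal to the scheme default is dropped on serialization.
function asSentByBrowser(uri) {
  return new URL(uri).href;
}

// Simplified model of strict matching: plain string equality against
// the client's registered redirect URIs (no wildcards, no normalization).
function isRegistered(registered, redirectUri) {
  return registered.includes(redirectUri);
}

// Testsuite-side helper (hypothetical): build a redirect URI and omit the
// port when it is the default for the scheme, so it matches what is sent.
function buildRedirectUri(scheme, host, port, path) {
  const isDefault = port === undefined ||
    String(port) === DEFAULT_PORTS[scheme + ":"];
  return `${scheme}://${host}${isDefault ? "" : ":" + port}${path}`;
}

// Lint for realm configuration: report registered URIs that spell out a
// default port. Works on the raw string, because new URL() would hide it.
function findDefaultPortUris(registered) {
  return registered.filter((uri) => {
    const m = /^(https?:)\/\/[^\/?#]*:(\d+)(?=[\/?#]|$)/.exec(uri);
    return m !== null && m[2] === DEFAULT_PORTS[m[1]];
  });
}

const registered = [
  "http://app.example.test:80/app",    // explicit default port
  "http://app.example.test:8180/app",  // non-default port, kept as-is
  "https://app.example.test/app",
];
const sent = asSentByBrowser("http://app.example.test:80/app");
console.log(sent);                            // port 80 is gone
console.log(isRegistered(registered, sent));  // strict match fails
console.log(findDefaultPortUris(registered)); // entries to fix in the realm
```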