<div dir="ltr">Yes, but should I have to register that URI?<div><br></div><div>I thought that the ssl-required option was only valid for communications with the keycloak server, not on how the keycloak server would respond to the application.</div><div>The solution would be to register this https uri as a redirect_uri on my keycloak application?</div><div><br></div><div>While we're on this topic I do have another question, that my superiors instructed me to ask:</div><div><br></div><div>Is it unsafe to change my keycloak.json setting ssl-required to none?</div><div>The problem I see is someone intercepting the access code returned by the server, is it possible for 2 requests with the same access code be processed returning a valid access token for both? Or is this code discarded somehow?</div><div><br></div><div>Thank you again for all your help</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 1, 2014 at 4:57 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="https://www.domain.com:8443" target="_blank">https://www.domain.com:8443</a> is a different uri than<br>
<a href="http://www.domain.com" target="_blank">http://www.domain.com</a>. If you don't change the redirect uri pattern in<br>
the admin console for the app, then the server will not recognize the<br>
https uri as valid.<br>
<span class=""><br>
On 10/1/2014 3:10 PM, Rodrigo Sasaki wrote:<br>
> Hello,<br>
><br>
> We tried to deploy our server in production today, protected with<br>
> Keycloak but we had some issues.<br>
><br>
> When we tried to access one of our resources, the redirect_uri was<br>
> altered to one we didn't have registered.<br>
><br>
</span>> Our original uri was something like this: *<a href="http://www.domain.com/resource*" target="_blank">http://www.domain.com/resource*</a><br>
><br>
> and it got changed to: *<a href="https://www.domain.com:8443/resource*" target="_blank">https://www.domain.com:8443/resource*</a><br>
<span class="">><br>
> changing the protocol to https and adding the 8443 port, and that<br>
> specific uri isn't registered for us, so the server returned saying it<br>
> was an invalid redirect_uri<br>
><br>
> Is this a normal behavior? Should we have configured something else?<br>
><br>
> Thanks!<br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
</span>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>
</div>