<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:"Courier New";}
span.EmailStyle21
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Yes, I did modify the client redirect uri - “customer-portal” client has the following URI configuration:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Root: http://wildfly.blah.com:8080/customer-portal/<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Valid Redirect URIs:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; http://wildfly.blah.com:8080/customer-portal/*<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Admin URL:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="http://wildfly.blah.com:8080/customer-portal/">http://wildfly.blah.com:8080/customer-portal/</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Web Orgins:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="http://wildfly.blah.com:8080">http://wildfly.blah.com:8080</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">It looks like the error is triggered by “customer listing” link trying to execute customer-portal/view.jsp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">keycloak log shows the following entry&nbsp; where redirect_uri will be<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">localhost&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if I use&nbsp;&nbsp;
<a href="http://localhost:8080/customer-portal/">http://localhost:8080/customer-portal/</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">or<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">wildfly.blah.com&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if I use&nbsp;&nbsp; http://wildfly.blah.com:8080/customer-portal/<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">10:07:06,173 WARN&nbsp; [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri,
 response_type=code, redirect_uri=http://wildfly.blah.com:8080/customer-portal/customers/view.jsp, response_mode=query<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">I modified the relevant portion of view.jsp but it doesn’t change the outcome..
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">&lt;%<br>
&nbsp;&nbsp;&nbsp; String logoutUri = KeycloakUriBuilder.fromUri(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;http://wildfly.blah.com:8080//auth&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .queryParam(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;redirect_uri&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">,
</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;http://wildfly.blah.com:8080/customer-portal&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).build(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;demo&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).toString();<br>
&nbsp;&nbsp;&nbsp; String acctUri = KeycloakUriBuilder.fromUri(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;http://wildfly.blah.com:8080/auth&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .queryParam(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;referrer&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">,
</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;customer-portal&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).build(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;demo&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).toString();<br>
&nbsp;&nbsp;&nbsp; IDToken idToken = CustomerDatabaseClient.getIDToken(request);<br>
%&gt;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Any other leads, please?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> Stian Thorgersen [mailto:sthorger@redhat.com]
<br>
<b>Sent:</b> Sunday, March 13, 2016 11:44 PM<br>
<b>To:</b> Chris Raiskin<br>
<b>Cc:</b> keycloak-user<br>
<b>Subject:</b> Re: [keycloak-user] Invalid parameter: redirect_uri<o:p></o:p></span></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p>Did you change the redirect uri for the&nbsp; client? The default configuration of the demo assumes it'll be deployed on the same hostname as the Keycloak server. You can change this in the Keycloak admin console after importing the realm config from the demo.
 Simplest is to add a root url for the client.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 11 Mar 2016 19:32, &quot;Chris Raiskin&quot; &lt;<a href="mailto:Chris.Raiskin@standard.com">Chris.Raiskin@standard.com</a>&gt; wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I’m following
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DNMj4avFLMJ0&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=tVxpHdvAyvQ_m2W7UW5Wwb23I9mdfCSXpt5v8txpgf4&amp;e=" target="_blank">
The Basic Part 2 tutorial</a> with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The only difference in my set up is that I have the keycloak server on a separate host from the wildfly server running the demo apps.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">When I hit “Customer Listing” link, I get
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
WE’RE SORRY…<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
Invalid parameter: redirect_uri<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">displayed by the keycloak server.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__keycloak.blah.com-3A8080_auth_realms_demo_protocol_openid-2Dconnect_auth-3Fresponse-5Ftype-3Dcode-26client-5Fid-3Dcustomer-2Dportal-26redirect-5Furi-3Dhttp-253A-252F-252Flocalhost-253A8080-252Fcustomer-2Dportal-252Fcustomers-252Fview.jsp-26state-3D1-252Fe1f42109-2D1372-2D4808-2D98aa-2D6cd5bbb0b9ac-26login-3Dtrue&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=MyBNLmc6pOBd754XkWkpNTxsi7apnZ6O7-QxQa2hmG4&amp;e=" target="_blank">http://keycloak.blah.com:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&amp;client_id=customer-portal&amp;redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&amp;state=1%2Fe1f42109-1372-4808-98aa-6cd5bbb0b9ac&amp;login=true</a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I can see that the redirect_uri is referencing “localhost” both from the URL above and the keycloak log entry:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">11:21:52,483 WARN&nbsp; [org.keycloak.events] (default task-75) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri,
 response_type=code, redirect_uri=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_customer-2Dportal_customers_view.jsp&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=OsxiL6BeDU5D0QuOWHsVL0TZhWTXfDDZuYjobUgf7xc&amp;e=" target="_blank">http://localhost:8080/customer-portal/customers/view.jsp</a>,
 response_mode=query<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">but I’m not sure where “localhost” is coming from b/c the “valid redirect uri” for this Client/Application is configured like this:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:red">*</span>&nbsp;Valid Redirect URIs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__wildfly.blah.com-3A8080_customer-2Dportal_-2A&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=8oUcsCec-PLfXxS2uHDhpLYgpdaYRM-J2MJKRqG_0Jo&amp;e=" target="_blank">
http://wildfly.blah.com:8080/customer-portal/*</a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">&nbsp;<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Any help would be appreciated.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=jpaSijfGCGACbVftNPd2qMs4jGGImBmNNU9J0eDzs-0&amp;e=" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</body>
</html>