<p dir="ltr">Localhost can only be used to access your app if you have a valid redirect uri for it. Same goes for the other hostname. You can of course add both if you want</p>

<div class="gmail_quote">On 15 Mar 2016 20:48, &quot;Chris Raiskin&quot; &lt;<a href="mailto:Chris.Raiskin@standard.com">Chris.Raiskin@standard.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div lang="EN-US" link="blue" vlink="purple">

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">It looks like, if I run the demo using “localhost” in the URL. i.e.<u></u><u></u></span></p>

<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><a href="http://localhost:8080/customer-portal" target="_blank">http://localhost:8080/customer-portal</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">then I get “error=invalid_redirect_uri”<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">However, if I run the demo using<u></u><u></u></span></p>

<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><a href="http://wildfly.blah.com:8080/customer-portal" target="_blank">http://wildfly.blah.com:8080/customer-portal</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">then keycloak responds with the login challenge as expected.<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">On the keycloak side, this client is configured with the following “Valid Redirect URI”<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Valid Redirect URI           

<a href="http://wildfly.blah.com:8080/customer-portal/*" target="_blank">http://wildfly.blah.com:8080/customer-portal/*</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">According to the tooltip, the Request’s host:port will be used if a relative Redirect URI is configured.<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">The above redirect URI is an absolute path so this URL should be used regardless of whether I use “localhost” or hostname in the request.<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Why error=invalid_redirect_uri?<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<div>

<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> Chris Raiskin

<br>

<b>Sent:</b> Tuesday, March 15, 2016 11:21 AM<br>

<b>To:</b> &#39;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&#39;<br>

<b>Cc:</b> keycloak-user<br>

<b>Subject:</b> RE: [keycloak-user] Invalid parameter: redirect_uri<u></u><u></u></span></p>

</div>

</div>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Yes, I did modify the client redirect uri - “customer-portal” client has the following URI configuration:<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Root:

<a href="http://wildfly.blah.com:8080/customer-portal/" target="_blank">http://wildfly.blah.com:8080/customer-portal/</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Valid Redirect URIs:<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">               

<a href="http://wildfly.blah.com:8080/customer-portal/*" target="_blank">http://wildfly.blah.com:8080/customer-portal/*</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Admin URL:<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">               

<a href="http://wildfly.blah.com:8080/customer-portal/" target="_blank">http://wildfly.blah.com:8080/customer-portal/</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Web Orgins:<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">               

<a href="http://wildfly.blah.com:8080" target="_blank">http://wildfly.blah.com:8080</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">It looks like the error is triggered by “customer listing” link trying to execute customer-portal/view.jsp<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">keycloak log shows the following entry  where redirect_uri will be<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">localhost                              if I use  

<a href="http://localhost:8080/customer-portal/" target="_blank">http://localhost:8080/customer-portal/</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">or<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><a href="http://wildfly.blah.com" target="_blank">wildfly.blah.com</a>               if I use  

<a href="http://wildfly.blah.com:8080/customer-portal/" target="_blank">http://wildfly.blah.com:8080/customer-portal/</a><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">10:07:06,173 WARN  [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri,

 response_type=code, redirect_uri=<a href="http://wildfly.blah.com:8080/customer-portal/customers/view.jsp" target="_blank">http://wildfly.blah.com:8080/customer-portal/customers/view.jsp</a>, response_mode=query<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">I modified the relevant portion of view.jsp but it doesn’t change the outcome..

<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">&lt;%<br>

    String logoutUri = KeycloakUriBuilder.fromUri(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;<a href="http://wildfly.blah.com:8080/auth" target="_blank">http://wildfly.blah.com:8080//auth</a>&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)<br>

            .queryParam(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;redirect_uri&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">,

</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;<a href="http://wildfly.blah.com:8080/customer-portal" target="_blank">http://wildfly.blah.com:8080/customer-portal</a>&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).build(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;demo&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).toString();<br>

    String acctUri = KeycloakUriBuilder.fromUri(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;<a href="http://wildfly.blah.com:8080/auth" target="_blank">http://wildfly.blah.com:8080/auth</a>&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)<br>

            .queryParam(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;referrer&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">,

</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;customer-portal&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).build(</span><b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:green">&quot;demo&quot;</span></b><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;;color:black">).toString();<br>

    IDToken idToken = CustomerDatabaseClient.getIDToken(request);<br>

%&gt;<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Any other leads, please?<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> Stian Thorgersen [<a href="mailto:sthorger@redhat.com" target="_blank">mailto:sthorger@redhat.com</a>]

<br>

<b>Sent:</b> Sunday, March 13, 2016 11:44 PM<br>

<b>To:</b> Chris Raiskin<br>

<b>Cc:</b> keycloak-user<br>

<b>Subject:</b> Re: [keycloak-user] Invalid parameter: redirect_uri<u></u><u></u></span></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p>Did you change the redirect uri for the  client? The default configuration of the demo assumes it&#39;ll be deployed on the same hostname as the Keycloak server. You can change this in the Keycloak admin console after importing the realm config from the demo.

 Simplest is to add a root url for the client.<u></u><u></u></p>

<div>

<p class="MsoNormal">On 11 Mar 2016 19:32, &quot;Chris Raiskin&quot; &lt;<a href="mailto:Chris.Raiskin@standard.com" target="_blank">Chris.Raiskin@standard.com</a>&gt; wrote:<u></u><u></u></p>

<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">

<div>

<div>

<p class="MsoNormal">Hello<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">I’m following

<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DNMj4avFLMJ0&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=tVxpHdvAyvQ_m2W7UW5Wwb23I9mdfCSXpt5v8txpgf4&amp;e=" target="_blank">

The Basic Part 2 tutorial</a> with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">The only difference in my set up is that I have the keycloak server on a separate host from the wildfly server running the demo apps.<u></u><u></u></p>

<p class="MsoNormal">When I hit “Customer Listing” link, I get

<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal" style="margin-left:.5in">

WE’RE SORRY…<u></u><u></u></p>

<p class="MsoNormal" style="margin-left:.5in">

Invalid parameter: redirect_uri<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">displayed by the keycloak server.<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__keycloak.blah.com-3A8080_auth_realms_demo_protocol_openid-2Dconnect_auth-3Fresponse-5Ftype-3Dcode-26client-5Fid-3Dcustomer-2Dportal-26redirect-5Furi-3Dhttp-253A-252F-252Flocalhost-253A8080-252Fcustomer-2Dportal-252Fcustomers-252Fview.jsp-26state-3D1-252Fe1f42109-2D1372-2D4808-2D98aa-2D6cd5bbb0b9ac-26login-3Dtrue&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=MyBNLmc6pOBd754XkWkpNTxsi7apnZ6O7-QxQa2hmG4&amp;e=" target="_blank">http://keycloak.blah.com:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&amp;client_id=customer-portal&amp;redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&amp;state=1%2Fe1f42109-1372-4808-98aa-6cd5bbb0b9ac&amp;login=true</a><u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">I can see that the redirect_uri is referencing “localhost” both from the URL above and the keycloak log entry:<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">11:21:52,483 WARN  [org.keycloak.events] (default task-75) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri,

 response_type=code, redirect_uri=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_customer-2Dportal_customers_view.jsp&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=OsxiL6BeDU5D0QuOWHsVL0TZhWTXfDDZuYjobUgf7xc&amp;e=" target="_blank">http://localhost:8080/customer-portal/customers/view.jsp</a>,

 response_mode=query<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">but I’m not sure where “localhost” is coming from b/c the “valid redirect uri” for this Client/Application is configured like this:<u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal"><span style="color:red">*</span> Valid Redirect URIs           

<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__wildfly.blah.com-3A8080_customer-2Dportal_-2A&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=8oUcsCec-PLfXxS2uHDhpLYgpdaYRM-J2MJKRqG_0Jo&amp;e=" target="_blank">

http://wildfly.blah.com:8080/customer-portal/*</a><u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal"> <u></u><u></u></p>

<p class="MsoNormal">Any help would be appreciated.<u></u><u></u></p>

<p class="MsoNormal">Thanks<u></u><u></u></p>

</div>

</div>

<p class="MsoNormal"><br>

_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&amp;d=CwMFaQ&amp;c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&amp;r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&amp;m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&amp;s=jpaSijfGCGACbVftNPd2qMs4jGGImBmNNU9J0eDzs-0&amp;e=" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><u></u><u></u></p>

</blockquote>

</div>

</div>

</div>

</blockquote></div>