1.1 adapters no longer backward compatible

newer

older

Multi-tenancy support for adapters...

tomcat 7 adapter

Bill Burke

Wednesday, 29 October 2014 Wed, 29 Oct '14

9:02 p.m.

Because of this bug: https://issues.jboss.org/browse/KEYCLOAK-767 I changed the aud to point ot clientid and iss to be the realm name. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Show replies by date

Stian Thorgersen

Thursday, 30 October Thu, 30 Oct

7:51 a.m.

Should we fix iss to return the "realm" url at the same time? ----- Original Message -----

...

From: "Bill Burke" <bburke(a)redhat.com> To: keycloak-dev(a)lists.jboss.org Sent: Wednesday, 29 October, 2014 9:02:24 PM Subject: [keycloak-dev] 1.1 adapters no longer backward compatible Because of this bug: https://issues.jboss.org/browse/KEYCLOAK-767 I changed the aud to point ot clientid and iss to be the realm name. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Bill Burke

1:34 p.m.

I didn't do it because I'm not sure yet what the URL should be or that I even want it to be a URL. Some oidc libraries seem to have the option to validate that the ISS url is the same URL they forwarded the browser to. I don't like that idea at all. All the OIDC spec says is that the issuer must be an HTTPS url that uniquely identifies the issuer of the IDToken. On 10/30/2014 2:51 AM, Stian Thorgersen wrote:

...

Should we fix iss to return the "realm" url at the same time? ----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com> > To: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 29 October, 2014 9:02:24 PM > Subject: [keycloak-dev] 1.1 adapters no longer backward compatible > > Because of this bug: > > https://issues.jboss.org/browse/KEYCLOAK-767 > > I changed the aud to point ot clientid and iss to be the realm name. > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

3717

days inactive

3718

days old

keycloak-dev@lists.jboss.org

Manage subscription

2 comments

2 participants

tags (0)

participants (2)

Bill Burke
Stian Thorgersen

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

1.1 adapters no longer backward compatible