Localhost can only be used to access your app if you have a valid redirect
uri for it. Same goes for the other hostname. You can of course add both if
you want
On 15 Mar 2016 20:48, "Chris Raiskin" <Chris.Raiskin(a)standard.com> wrote:
It looks like, if I run the demo using “localhost” in the URL. i.e.
http://localhost:8080/customer-portal
then I get “error=invalid_redirect_uri”
However, if I run the demo using
http://wildfly.blah.com:8080/customer-portal
then keycloak responds with the login challenge as expected.
On the keycloak side, this client is configured with the following “Valid
Redirect URI”
Valid Redirect URI
http://wildfly.blah.com:8080/customer-portal/*
According to the tooltip, the Request’s host:port will be used if a
relative Redirect URI is configured.
The above redirect URI is an absolute path so this URL should be used
regardless of whether I use “localhost” or hostname in the request.
Why error=invalid_redirect_uri?
*From:* Chris Raiskin
*Sent:* Tuesday, March 15, 2016 11:21 AM
*To:* 'stian(a)redhat.com'
*Cc:* keycloak-user
*Subject:* RE: [keycloak-user] Invalid parameter: redirect_uri
Yes, I did modify the client redirect uri - “customer-portal” client has
the following URI configuration:
Root:
http://wildfly.blah.com:8080/customer-portal/
Valid Redirect URIs:
http://wildfly.blah.com:8080/customer-portal/*
Admin URL:
http://wildfly.blah.com:8080/customer-portal/
Web Orgins:
http://wildfly.blah.com:8080
It looks like the error is triggered by “customer listing” link trying to
execute customer-portal/view.jsp
keycloak log shows the following entry where redirect_uri will be
localhost if I use
http://localhost:8080/customer-portal/
or
wildfly.blah.com if I use
http://wildfly.blah.com:8080/customer-portal/
10:07:06,173 WARN [org.keycloak.events] (default task-3)
type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null,
ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code,
redirect_uri=
http://wildfly.blah.com:8080/customer-portal/customers/view.jsp,
response_mode=query
I modified the relevant portion of view.jsp but it doesn’t change the
outcome..
<%
String logoutUri =
KeycloakUriBuilder.fromUri(*"http://wildfly.blah.com:8080//auth
<
http://wildfly.blah.com:8080/auth>"*
).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam(*"redirect_uri"*,
*"http://wildfly.blah.com:8080/customer-portal
<
http://wildfly.blah.com:8080/customer-portal>"*).build(*"dem...
).toString();
String acctUri = KeycloakUriBuilder.fromUri(*"http://wildfly.blah.com:8080/auth
<
http://wildfly.blah.com:8080/auth>"*
).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
.queryParam(*"referrer"*,
*"customer-portal"*).build(*"demo"*
).toString();
IDToken idToken = CustomerDatabaseClient.getIDToken(request);
%>
Any other leads, please?
*From:* Stian Thorgersen [mailto:sthorger@redhat.com <sthorger(a)redhat.com>]
*Sent:* Sunday, March 13, 2016 11:44 PM
*To:* Chris Raiskin
*Cc:* keycloak-user
*Subject:* Re: [keycloak-user] Invalid parameter: redirect_uri
Did you change the redirect uri for the client? The default configuration
of the demo assumes it'll be deployed on the same hostname as the Keycloak
server. You can change this in the Keycloak admin console after importing
the realm config from the demo. Simplest is to add a root url for the
client.
On 11 Mar 2016 19:32, "Chris Raiskin" <Chris.Raiskin(a)standard.com>
wrote:
Hello
I’m following The Basic Part 2 tutorial
<
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watc...
with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.
The only difference in my set up is that I have the keycloak server on a
separate host from the wildfly server running the demo apps.
When I hit “Customer Listing” link, I get
WE’RE SORRY…
Invalid parameter: redirect_uri
displayed by the keycloak server.
http://keycloak.blah.com:8080/auth/realms/demo/protocol/openid-connect/au...
<
https://urldefense.proofpoint.com/v2/url?u=http-3A__keycloak.blah.com-3A8...
I can see that the redirect_uri is referencing “localhost” both from the
URL above and the keycloak log entry:
11:21:52,483 WARN [org.keycloak.events] (default task-75)
type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null,
ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code,
redirect_uri=http://localhost:8080/customer-portal/customers/view.jsp
<
https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_cust...;,
response_mode=query
but I’m not sure where “localhost” is coming from b/c the “valid redirect
uri” for this Client/Application is configured like this:
* Valid Redirect URIs
http://wildfly.blah.com:8080/customer-portal/*
<
https://urldefense.proofpoint.com/v2/url?u=http-3A__wildfly.blah.com-3A80...
Any help would be appreciated.
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
<
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...