Sent: Friday, September 18, 2015 19:21
To: stian@redhat.com
Cc: keycloak-user
Subject: Re: [keycloak-user] Wrapping Keycloak under Nginx - redirect_uri problems
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
"SAVE PAPER - THINK BEFORE YOU PRINT!"
The * can only be on the end of the valid redirect uri. So you need to specify 'https://my-client.pibenchmark.com/*' or simply '*'. The latter not being a good idea obviously.
On 18 September 2015 at 12:42, Kevin Thorpe <kevin.thorpe@p-i.net> wrote:
_______________________________________________Hi, I'm trying to wrap Keycloak behind Nginx for a client and I can't work out how toavoid the invalid parameter: redirect_uri problem.
Website is https://my-client.pibenchmark.com
In nginx:location /auth {proxy_pass https://auth-service;}
upstream auth-service {server my-keycloak:8443;}
Then in Keycloak I have valid redirect URIs set to https://*.pibenchmark.com/* ie my whole domain. Still getting invalid parameter: redirect_uri though.
What am I doing wrong? Can I do this this way? I like to have one point of contact with the internet for security reasons.
Kevin Thorpe
CTO, PI Limited
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user