It looks like, if I run the demo using “localhost” in the URL. i.e.
http://localhost:8080/customer-portal
then I get “error=invalid_redirect_uri”
However, if I run the demo using
http://wildfly.blah.com:8080/customer-portal
then keycloak responds with the login challenge as expected.
On the keycloak side, this client is configured with the following “Valid Redirect URI”
Valid Redirect URI
http://wildfly.blah.com:8080/customer-portal/*
According to the tooltip, the Request’s host:port will be used if a relative Redirect URI is configured.
The above redirect URI is an absolute path so this URL should be used regardless of whether I use “localhost” or hostname in the request.
Why error=invalid_redirect_uri?
From: Chris Raiskin
Sent: Tuesday, March 15, 2016 11:21 AM
To: 'stian@redhat.com'
Cc: keycloak-user
Subject: RE: [keycloak-user] Invalid parameter: redirect_uri
Yes, I did modify the client redirect uri - “customer-portal” client has the following URI configuration:
Root:
http://wildfly.blah.com:8080/customer-portal/
Valid Redirect URIs:
http://wildfly.blah.com:8080/customer-portal/*
Admin URL:
http://wildfly.blah.com:8080/customer-portal/
Web Orgins:
It looks like the error is triggered by “customer listing” link trying to execute customer-portal/view.jsp
keycloak log shows the following entry where redirect_uri will be
localhost if I use
http://localhost:8080/customer-portal/
or
wildfly.blah.com if I use
http://wildfly.blah.com:8080/customer-portal/
10:07:06,173 WARN [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri,
response_type=code, redirect_uri=http://wildfly.blah.com:8080/customer-portal/customers/view.jsp, response_mode=query
I modified the relevant portion of view.jsp but it doesn’t change the outcome..
<%
String logoutUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080//auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri",
"http://wildfly.blah.com:8080/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
.queryParam("referrer",
"customer-portal").build("demo").toString();
IDToken idToken = CustomerDatabaseClient.getIDToken(request);
%>
Any other leads, please?
From: Stian Thorgersen [mailto:sthorger@redhat.com]
Sent: Sunday, March 13, 2016 11:44 PM
To: Chris Raiskin
Cc: keycloak-user
Subject: Re: [keycloak-user] Invalid parameter: redirect_uri
Did you change the redirect uri for the client? The default configuration of the demo assumes it'll be deployed on the same hostname as the Keycloak server. You can change this in the Keycloak admin console after importing the realm config from the demo.
Simplest is to add a root url for the client.
On 11 Mar 2016 19:32, "Chris Raiskin" <Chris.Raiskin@standard.com> wrote:
Hello
I’m following The Basic Part 2 tutorial with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.
The only difference in my set up is that I have the keycloak server on a separate host from the wildfly server running the demo apps.
When I hit “Customer Listing” link, I get
WE’RE SORRY…
Invalid parameter: redirect_uri
displayed by the keycloak server.
I can see that the redirect_uri is referencing “localhost” both from the URL above and the keycloak log entry:
11:21:52,483 WARN [org.keycloak.events] (default task-75) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code, redirect_uri=http://localhost:8080/customer-portal/customers/view.jsp, response_mode=query
but I’m not sure where “localhost” is coming from b/c the “valid redirect uri” for this Client/Application is configured like this:
* Valid Redirect URIs http://wildfly.blah.com:8080/customer-portal/*
Any help would be appreciated.
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user