The * can only be on the end of the valid redirect uri. So you need to specify 'https://my-client.pibenchmark.com/*' or simply '*'. The latter not being a good idea obviously.

On 18 September 2015 at 12:42, Kevin Thorpe <kevin.thorpe@p-i.net> wrote:

Hi, I'm trying to wrap Keycloak behind Nginx for a client and I can't work out how to
avoid the invalid parameter: redirect_uri problem.

Website is https://my-client.pibenchmark.com

In nginx:
location /auth {
proxy_pass https://auth-service;
}

upstream auth-service {
server my-keycloak:8443;
}

Then in Keycloak I have valid redirect URIs set to https://*.pibenchmark.com/* ie my whole domain. Still getting invalid parameter: redirect_uri though.

What am I doing wrong? Can I do this this way? I like to have one point of contact with the internet for security reasons.

Kevin Thorpe

CTO, PI Limited

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user