Yes, but should I have to register that URI?

I thought that the ssl-required option was only valid for communications with the keycloak server, not on how the keycloak server would respond to the application.
The solution would be to register this https uri as a redirect_uri on my keycloak application?

While we're on this topic I do have another question, that my superiors instructed me to ask:

Is it unsafe to change my keycloak.json setting ssl-required to none?
The problem I see is someone intercepting the access code returned by the server, is it possible for 2 requests with the same access code be processed returning a valid access token for both? Or is this code discarded somehow?

Thank you again for all your help

On Wed, Oct 1, 2014 at 4:57 PM, Bill Burke <bburke@redhat.com> wrote:
https://www.domain.com:8443 is a different uri than
http://www.domain.com.  If you don't change the redirect uri pattern in
the admin console for the app, then the server will not recognize the
https uri as valid.

On 10/1/2014 3:10 PM, Rodrigo Sasaki wrote:
> Hello,
>
> We tried to deploy our server in production today, protected with
> Keycloak but we had some issues.
>
> When we tried to access one of our resources, the redirect_uri was
> altered to one we didn't have registered.
>
> Our original uri was something like this: *http://www.domain.com/resource*
>
> and it got changed to: *https://www.domain.com:8443/resource*
>
> changing the protocol to https and adding the 8443 port, and that
> specific uri isn't registered for us, so the server returned saying it
> was an invalid redirect_uri
>
> Is this a normal behavior? Should we have configured something else?
>
> Thanks!
>
> --
> Rodrigo Sasaki
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



--
Rodrigo Sasaki