Re: [keycloak-user] Very strange behavior when access to IDP from SpringSecurity adapter over HTTPS.

Hi, Important clarification: The HTTPS handshake is by Apache httpd server that is also reverse proxy for Tomcat. Tomcat is located on the same ip. SpringSecurity RP is deployed in Tomcat. Best regards On Dec 13, 2016 12:44 PM, Michael Furman <michael_furman(a)hotmail.com&gt; wrote: Example 2: SpringSecurity adapter RP is over HTTPS (the client configuration in IDP configured also HTTPS) IDP is over HTTP Example 3: SpringSecurity adapter RP is over HTTP (the client configuration in IDP configured also HTTP) IDP is over HTTP BTW, Example 1: SpringSecurity adapter RP is over HTTPS (the client configuration in IDP configured also HTTPS) IDP is over HTTPS ________________________________ From: Sebastien Blanc <sblanc(a)redhat.com&gt; Sent: Tuesday, December 13, 2016 12:23 PM To: Michael Furman Cc: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Very strange behavior when access to IDP from SpringSecurity adapter over HTTPS. What is the difference between your example 2 and example 3 ? On Tue, Dec 13, 2016 at 11:12 AM, Michael Furman <michael_furman@hotmail.com<mailto:michael_furman@hotmail.com>> wrote: Hi all, I try to access from SpringSecurity adapter over HTTPS without success. When I try to access to IDP over HTTPS the redirect_uri is replaced to localhost: https://192.168.110.2:8443/auth/realms/master/protocol/openid-connect/aut... Then I get this error in UI: WE'RE SORRY ... Invalid parameter: redirect_uri Similar, when I try to access to IDP over HTTP, the redirect_uri is replaced to localhost: http://192.168.110.2:9080/auth/realms/master/protocol/openid-connect/auth... Same error in UI: WE'RE SORRY ... Invalid parameter: redirect_uri Only if I access from SpringSecurity adapter over HTTP the redirect_uri has correct value and it works: http://192.168.110.2:9080/auth/realms/master/protocol/openid-connect/auth... Finally I can see the login page. What wrong in my configurations? Any help will be appreciated. Best regards, Michael _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user