Pleased you found out what's going on. Please create an issue.
On 5 January 2016 at 01:40, Paul Blair <pblair(a)clearme.com> wrote:
Figured it out — it's a case-sensitivity issue:
https://ApimanLoadBalancer.elb.amazonaws.com/apimanui/*
Fails to match
https://apimanloadbalancer.elb.amazonaws.com/apimanui
<
https://apimanloadbalancer/apimanui>/*
I believe subdomains are case-insensitive. Should I raise an issue on this?
From: "pblair(a)clearme.com" <pblair(a)clearme.com>
Date: Mon, 4 Jan 2016 19:32:54 -0500
To: "pblair(a)clearme.com" <pblair(a)clearme.com>, keycloak-user <
keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] "Invalid parameter: redirect_uri"
I should mention that this happens whether or not I have
https://[apimanLoadBalancer] in the Root URL field for the Apimanui
client, or whether or not I have
https://[apimanLoadBalancer]/apimanui/*
in the Valid Redirect URIs, or both. However, if they are present I no
longer see the DEBUG line "replacing relative valid redirect with…"; I only
see the WARN message with the failure.
Also, it appears that the URL encoding is a non-issue; at least, I see the
URLs encoded properly in the browser URL bar even if the "inspect" formats
them with slashes and colons.
From: "pblair(a)clearme.com" <pblair(a)clearme.com>
Date: Tue, 5 Jan 2016 00:16:36 +0000
To: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] "Invalid parameter: redirect_uri"
I am using Keycloak with the apiman API manager. Both are on AWS and are
behind Elastic Load Balancers (Keycloak is clustered using JDBC_PING). When
I request the apiman admin UI page (
https://[apimanLoadBalancer]/apimanui),
I get redirected to the following URL:
https://[KeycloakLoadBalancer]/auth/realms/apiman/protocol/openid-connect...
https://[apimanLoadBalancer]/apimanui/index.html&state=3/c48eec70-0fe...
Keycloak then displays the error "We're Sorry… Invalid parameter:
redirect_uri"
In the Keycloak log I see:
DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (default
task-7) replacing relative valid redirect with:
https://[KeycloakLoadBalancer]/apimanui/*
WARN [org.keycloak.events] (default task-7) type=LOGIN_ERROR,
realmId=apiman, clientId=apimanui, userId=null, ipAddress=[IP],
error=invalid_redirect_uri, response_type=code, redirect_uri=
https://[apimanLoadBalancer]/apimanui/index.html, response_mode=query
This looks to me as though Keycloak thinks that the redirect URI is a
relative path. I also notice that the query string parameters for
redirect_uri are not URL encoded by apiman. Would this be the source of the
problem?
_______________________________________________ keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user