From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
To: "Bill Burke" <bburke(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Thursday, 2 October, 2014 7:30:15 AM
Subject: Re: [keycloak-user] Problems with Redirect URI
Yes, but should I have to register that URI?

I thought that the ssl-required option was only valid for communications with
the keycloak server, not on how the keycloak server would respond to the
application.

The solution would be to register this https uri as a redirect_uri on my
keycloak application?

While we're on this topic I do have another question, that my superiors
instructed me to ask:

Is it unsafe to change my keycloak.json setting ssl-required to none?

The problem I see is someone intercepting the access code returned by the
server. Is it possible for 2 requests with the same access code to be processed,
returning a valid access token for both? Or is this code discarded somehow?

Thank you again for all your help
On Wed, Oct 1, 2014 at 4:57 PM, Bill Burke <bburke(a)redhat.com> wrote:
https://www.domain.com:8443 is a different uri than
http://www.domain.com . If you don't change the redirect uri pattern in
the admin console for the app, then the server will not recognize the
https uri as valid.
On 10/1/2014 3:10 PM, Rodrigo Sasaki wrote:
> Hello,
>
> We tried to deploy our server in production today, protected with
> Keycloak but we had some issues.
>
> When we tried to access one of our resources, the redirect_uri was
> altered to one we didn't have registered.
>
> Our original uri was something like this: *http://www.domain.com/resource*
>
> and it got changed to: *https://www.domain.com:8443/resource*
>
> changing the protocol to https and adding the 8443 port, and that
> specific uri isn't registered for us, so the server returned saying it
> was an invalid redirect_uri
>
> Is this a normal behavior? Should we have configured something else?
>
> Thanks!
>
> --
> Rodrigo Sasaki
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
Rodrigo Sasaki
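
Added example, not part of the original thread and not Keycloak's own code: a component-wise redirect URI comparison that reports why https://www.domain.com:8443/resource fails against a pattern registered for http://www.domain.com. The function names, the default-port handling and the trailing `*` path wildcard are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Default ports are filled in so "http://host" and "http://host:80" compare equal.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(uri):
    """Return (scheme, host, port) for a URI, with the default port made explicit."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def path_matches(pattern_path, path):
    # Assumption: a trailing "*" in the registered pattern is a prefix wildcard.
    if pattern_path.endswith("*"):
        return path.startswith(pattern_path[:-1])
    return path == pattern_path


def explain_mismatch(registered, requested):
    """List every component in which `requested` differs from `registered`.

    An empty list means the requested redirect URI is accepted by this pattern.
    """
    reasons = []
    names = ("scheme", "host", "port")
    for name, want, got in zip(names, origin(registered), origin(requested)):
        if want != got:
            reasons.append(f"{name}: registered {want!r}, requested {got!r}")
    if not path_matches(urlsplit(registered).path, urlsplit(requested).path):
        reasons.append("path: not covered by registered pattern")
    return reasons


def is_allowed(registered_patterns, requested):
    """True if at least one registered pattern matches the requested URI."""
    return any(not explain_mismatch(p, requested) for p in registered_patterns)


if __name__ == "__main__":
    # Constructed sample values based on the URIs quoted in the thread.
    registered = ["http://www.domain.com/*"]
    requested = "https://www.domain.com:8443/resource"
    print(is_allowed(registered, requested))
    for reason in explain_mismatch(registered[0], requested):
        print(" ", reason)
```
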