The two special redirect-uris you refer to are for installed applications (for example a CLI interface or a desktop app). In #1 you're asking about bundling with your web app, so you shouldn't be using these. Instead you should use whatever URL you use to access your application. For example if your application is: http://www.mydomain.com/myapp/secure.html Then your redirect-uri should be: http://www.mydomain.com/myapp/secure.html You can also use a wild-card if you want to allow any page on a certain domain/context-path, for example: http://www.mydomain.com/myapp/* ----- Original Message ----- > From: "Vivek Srivastav (vivsriva)" <vivsriva(a)cisco.com&gt; > To: keycloak-user(a)lists.jboss.org > Sent: Monday, 28 July, 2014 1:54:58 PM > Subject: [keycloak-user] Clarification on redirect uri configuration on >the KeyCloak admin console > > I am trying to understand the redirect uri configuration on the KeyCloak > admin console. > > As per the document: > >http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#ins >talled-applications > > there are two special special redirect uri for application. I have few > questions about the http://localhost > > > 1. When I configure my application with the http://localhost and > confidential access_type, am I supposed to provide a callback > implementation or is is handled by keyclock client libraries that I > bundle with my web app? > 2. Am I supposed to provide a ³port² along with the redirect uri? >I.e. > http://localhost:8989 ? It seems like with either configuration >gives me > ³WE¹RE SORRY², ³Invalid redirect_uri². > 3. When running KeyCloak and my client application on separate >servers, > will the http://localhost redirect uri automatically supposed to be > replaced with the correct IP address/hostname of the Resource Server > provides, I.e. my application? > I understand that this redirect_uri has been made a mandatory field in >recent > release of KeyCloak and I could not find information related to its > configuration in the ³Base Part 1² tutorial video. > > Any pointers about how to configure this redirect uri for ³confidential² > access_type would be very helpful. > > Kind Regards, > Vivek > > > > > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user

Do redirect uri: http://localhost:8080/customer-portal/* Notice the "/*". Redirect is either a wildcard or specific/exact URL. On 7/28/2014 9:35 AM, Vivek Srivastav (vivsriva) wrote: > Thanks for clarifications. I tried using the following configuration >with > customer-portal and product-portal: > > Name: customer-portal > Access Type: confidential > Redirect URI: http://localhost:8080/customer-portal > Base URL: > Admin URL: http://localhost:8080/customer-portal/admin > > But I keep getting ³WE¹RE SORRY², ³Invalid redirect_uri² error > > Regards, > Vivek > > > > > On 7/28/14, 9:10 AM, "Stian Thorgersen" <stian(a)redhat.com&gt; wrote: > >> The two special redirect-uris you refer to are for installed >>applications >> (for example a CLI interface or a desktop app). In #1 you're asking >>about >> bundling with your web app, so you shouldn't be using these. >> >> Instead you should use whatever URL you use to access your application. >> For example if your application is: >> >> http://www.mydomain.com/myapp/secure.html >> >> Then your redirect-uri should be: >> >> http://www.mydomain.com/myapp/secure.html >> >> You can also use a wild-card if you want to allow any page on a certain >> domain/context-path, for example: >> >> http://www.mydomain.com/myapp/* >> >> ----- Original Message ----- >>> From: "Vivek Srivastav (vivsriva)" <vivsriva(a)cisco.com&gt; >>> To: keycloak-user(a)lists.jboss.org >>> Sent: Monday, 28 July, 2014 1:54:58 PM >>> Subject: [keycloak-user] Clarification on redirect uri configuration >>>on >>> the KeyCloak admin console >>> >>> I am trying to understand the redirect uri configuration on the >>>KeyCloak >>> admin console. >>> >>> As per the document: >>> >>> >>>http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#i >>>ns >>> talled-applications >>> >>> there are two special special redirect uri for application. I have few >>> questions about the http://localhost >>> >>> >>> 1. When I configure my application with the http://localhost and >>> confidential access_type, am I supposed to provide a callback >>> implementation or is is handled by keyclock client libraries >>>that I >>> bundle with my web app? >>> 2. Am I supposed to provide a ³port² along with the redirect uri? >>> I.e. >>> http://localhost:8989 ? It seems like with either configuration >>> gives me >>> ³WE¹RE SORRY², ³Invalid redirect_uri². >>> 3. When running KeyCloak and my client application on separate >>> servers, >>> will the http://localhost redirect uri automatically supposed to >>>be >>> replaced with the correct IP address/hostname of the Resource >>>Server >>> provides, I.e. my application? >>> I understand that this redirect_uri has been made a mandatory field in >>> recent >>> release of KeyCloak and I could not find information related to its >>> configuration in the ³Base Part 1² tutorial video. >>> >>> Any pointers about how to configure this redirect uri for >>>³confidential² >>> access_type would be very helpful. >>> >>> Kind Regards, >>> Vivek >>> >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user