[keycloak-dev] Wildcard for Valid Redirect URI Hostname

Niels Bertram nielsbne at gmail.com
Wed Sep 21 02:39:48 EDT 2016


I actually share Stian's position. Using the same client credentials for a
wildcard selection of domain names (I assume different apps) looks like a
bad idea. When provisioning these wildcard "clients", are you not able to
provision them with a separate set of client credentials via the keycloak
admin API?

On Tue, Sep 20, 2016 at 12:50 AM, Josh Cain <josh.cain at redhat.com> wrote:

> Per KEYCLOAK-3585: <https://issues.jboss.org/browse/KEYCLOAK-3585>
>
> Currently, valid redirect URI hostnames allow for wildcards at the end
> like so:
>
> http://www.redhat.com/*
>
> I'm managing several environments where clients need 'n' number of
> available redirect URI's with different hostnames, I.E.
>
> http://developer1.env.redhat.com
>
> http://developer2.env.redhat.com
>
> http://developer3.env.redhat.com
>
> Would really help to have the ability to wildcard hostnames too, I.E.:
>
> http://*.env.redhat.com
>
>
> I've submitted #3241 <https://github.com/keycloak/keycloak/pull/3241> to
> address this issue, but there seem to be some concerns about allowing
> wildcards in other parts of the URL.  See the PR for a more fleshed out
> discussion, but wanted to start a thread here on the mailing list.
> Particularly with respect to:
>
>    - Does anyone have need of this feature or would find it useful?
>    - Should this kind of wildcard be allowed as a configuration option by
>    Keycloak?
>
> Josh Cain | Software Applications Engineer
> *Identity and Access Management*
> *Red Hat*
> +1 256-452-0150
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160921/7d0ccd9a/attachment-0001.html 


More information about the keycloak-dev mailing list