[keycloak-dev] Redirect urls are not taking into account default ports

Michal Hajas mhajas at redhat.com
Mon Nov 11 08:34:00 EST 2019


Hi all,

during testing of OpenShift + Keycloak with Vlasta, we encountered some
port problems with our testsuite. The thing is that our testsuite almost
always counts on some port in redirect URIs. The problem arises when
Keycloak is running on port 80, because the browser sometimes removes this
port, which results in a failure because Keycloak expects the URL including
the port.

One solution is to double redirect URLs (with and without port) in realms
in the testsuite. This is something we already started to work on and have
some working test classes already. However, before changing it everywhere we
would like to confirm that Keycloak is behaving correctly and should refuse
a redirect URI if it differs only in including/excluding port 80 from the URL
specified in the realm.

Example:
1. Client contains valid redirect url: http://DOMAIN:80/CONTEXT
2. You open login page with redirect_uri=http://DOMAIN/CONTEXT
3. Should Keycloak refuse such a login with the error page: "Invalid parameter:
redirect_uri"?

Michal
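
Added example, not part of the original message and not Keycloak or testsuite code: a sketch of the "double the redirect URLs" workaround described above, generating the with-port and without-port form of each registered URI so that a strict string comparison still passes when the browser drops a default port. The host `sso.example.test`, the function names and `exact_match` (a stand-in for a strict comparison) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Default ports a browser may drop from the URL it sends back.
DEFAULT_PORTS = {"http": 80, "https": 443}


def port_variants(uri):
    """Return the URI both with and without the explicit default port.

    URIs on a non-default port, or with an unknown scheme, have only one form.
    """
    parts = urlsplit(uri)
    default = DEFAULT_PORTS.get(parts.scheme)
    if default is None or parts.port not in (None, default):
        return {uri}
    netloc = parts.netloc
    if parts.port is not None:
        netloc = netloc.rsplit(":", 1)[0]  # drop ":80" / ":443"
    else:
        netloc = netloc.rstrip(":")        # tolerate an empty port ("host:")
    variants = {urlunsplit(parts._replace(netloc=n))
                for n in (netloc, f"{netloc}:{default}")}
    return variants | {uri}                # always keep the original spelling


def with_port_variants(registered):
    """Expand a list of registered redirect URIs to include both port forms."""
    expanded = set()
    for uri in registered:
        expanded |= port_variants(uri)
    return expanded


def exact_match(registered, requested):
    """Hypothetical stand-in for a strict string comparison of redirect URIs."""
    return requested in set(registered)


if __name__ == "__main__":
    registered = ["http://sso.example.test:80/app"]  # constructed sample value
    requested = "http://sso.example.test/app"        # port dropped by browser
    print(exact_match(registered, requested))                      # mismatch
    print(exact_match(with_port_variants(registered), requested))  # accepted
```

Registering both forms keeps the comparison itself strict; only the list of allowed URIs grows, and URIs on non-default ports are left untouched.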

