[keycloak-dev] Redirect urls are not taking into account default ports

Michal Hajas mhajas at redhat.com
Tue Nov 12 03:48:21 EST 2019


Thank you for clarifying, Stian.

Michal

On Mon, Nov 11, 2019 at 4:12 PM Stian Thorgersen <sthorger at redhat.com> wrote:

> Redirect URIs should not include default ports, so this is an issue in the
> testsuite and not something we should have a workaround for in Keycloak
> itself.
>
> On Mon, 11 Nov 2019 at 14:37, Michal Hajas <mhajas at redhat.com> wrote:
>
>> Hi all,
>>
>> During testing of OpenShift + Keycloak with Vlasta, we encountered some
>> port problems with our testsuite. The thing is that our testsuite almost
>> always counts on some port in redirect URIs. The problem is when
>> Keycloak is running on port 80, because the browser sometimes removes this
>> port, which results in a failure because Keycloak expects the URL
>> including the port.
>>
>> One solution is to double the redirect URLs (with and without port) in
>> realms in the testsuite. This is something we already started to work on
>> and have some working test classes already. However, before changing it
>> everywhere we would like to confirm that Keycloak is behaving correctly
>> and should refuse a redirect URI if it differs only in including/excluding
>> port 80 from the URL specified in the realm.
>>
>> Example:
>> 1. Client contains valid redirect URL: http://DOMAIN:80/CONTEXT
>> 2. You open login page with redirect_uri=http://DOMAIN/CONTEXT
>> 3. Should Keycloak refuse such login with error page: "Invalid parameter:
>> redirect_uri"?
>>
>> Michal


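An added example, not part of the original messages and not Keycloak code: it models the strict comparison described in the thread and shows how a test suite can build the redirect URI it registers so that it matches what a browser sends when the server listens on a default port. The host `domain.test`, the function names and the exact-string matching are assumptions made for illustration.

```javascript
// Added illustration; names are hypothetical and this is not Keycloak code.
const DEFAULT_PORTS = { http: '80', https: '443' };

// Build the redirect URI a test realm should register, leaving out the port
// when it is the default for the scheme.
function registeredRedirectUri(scheme, host, port, path) {
  const isDefault = DEFAULT_PORTS[scheme] === String(port);
  return `${scheme}://${host}${isDefault ? '' : ':' + port}${path}`;
}

// The WHATWG URL serializer used by browsers (and Node.js) drops a default
// port, so this is the redirect_uri value that reaches the server.
function asSentByBrowser(uri) {
  return new URL(uri).href;
}

// Simplified model of the server-side check: exact string comparison against
// the registered list (assumption: no wildcards, no normalization).
function isRedirectAllowed(registered, requested) {
  return registered.includes(requested);
}

// Constructed sample data.
function demo() {
  const withPort = 'http://domain.test:80/context'; // as the testsuite wrote it
  const fixed = registeredRedirectUri('http', 'domain.test', 80, '/context');
  const other = registeredRedirectUri('http', 'domain.test', 8080, '/context');
  return {
    sent: asSentByBrowser(withPort),
    rejected: !isRedirectAllowed([withPort], asSentByBrowser(withPort)),
    fixed,
    accepted: isRedirectAllowed([fixed], asSentByBrowser(withPort)),
    nonDefaultKept: isRedirectAllowed([other], asSentByBrowser(other)),
  };
}

console.log(demo());
```

Registering only the port-free form for default ports keeps the server-side comparison strict while removing the test failures.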