[keycloak-user] Problems with Redirect URI

Rodrigo Sasaki rodrigopsasaki at gmail.com
Thu Oct 2 01:30:15 EDT 2014


Yes, but should I have to register that URI?

I thought that the ssl-required option was only valid for communications
with the keycloak server, not on how the keycloak server would respond to
the application.
The solution would be to register this https uri as a redirect_uri on my
keycloak application?

While we're on this topic I do have another question, that my superiors
instructed me to ask:

Is it unsafe to change my keycloak.json setting ssl-required to none?
The problem I see is someone intercepting the access code returned by the
server. Is it possible for 2 requests with the same access code to be
processed, returning a valid access token for both? Or is this code
discarded somehow?

Thank you again for all your help

On Wed, Oct 1, 2014 at 4:57 PM, Bill Burke <bburke at redhat.com> wrote:

> https://www.domain.com:8443 is a different uri than
> http://www.domain.com.  If you don't change the redirect uri pattern in
> the admin console for the app, then the server will not recognize the
> https uri as valid.
>
> On 10/1/2014 3:10 PM, Rodrigo Sasaki wrote:
> > Hello,
> >
> > We tried to deploy our server in production today, protected with
> > Keycloak but we had some issues.
> >
> > When we tried to access one of our resources, the redirect_uri was
> > altered to one we didn't have registered.
> >
> > Our original uri was something like this: *http://www.domain.com/resource*
> >
> > and it got changed to: *https://www.domain.com:8443/resource*
> >
> > changing the protocol to https and adding the 8443 port, and that
> > specific uri isn't registered for us, so the server returned saying it
> > was an invalid redirect_uri
> >
> > Is this a normal behavior? Should we have configured something else?
> >
> > Thanks!
> >
> > --
> > Rodrigo Sasaki
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com



-- 
Rodrigo Sasaki
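
The mismatch discussed in this thread, as an added example that is not part of either message and is not Keycloak's own code: a simplified redirect URI check that compares scheme, host and port before the path, run against the two URIs quoted above. The function names and the trailing `*` prefix semantics are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the pattern registered for the app before the change.
REGISTERED = ["http://www.domain.com/*"]


def origin(uri):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def mismatch(candidate, pattern):
    """Name the origin components in which candidate differs from pattern."""
    names = ("scheme", "host", "port")
    pairs = zip(names, origin(candidate), origin(pattern.rstrip("*")))
    return [name for name, got, want in pairs if got != want]


def redirect_allowed(candidate, patterns):
    """Exact match, or prefix match when the pattern ends in '*' (assumed)."""
    path = urlsplit(candidate).path or "/"
    if ".." in path.split("/"):
        return False  # refuse dot-segments instead of normalising them
    for pattern in patterns:
        if mismatch(candidate, pattern):
            continue
        base = urlsplit(pattern.rstrip("*")).path or "/"
        if pattern.endswith("*"):
            if path.startswith(base):
                return True
        elif path == base:
            return True
    return False


if __name__ == "__main__":
    sent = "https://www.domain.com:8443/resource"
    print(redirect_allowed(sent, REGISTERED), mismatch(sent, REGISTERED[0]))
    print(redirect_allowed(sent, REGISTERED + ["https://www.domain.com:8443/*"]))
```

Parsing the URI before comparing it also keeps a look-alike such as `http://www.domain.com@evil.example/resource` from passing, because its host component is `evil.example`.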