[keycloak-user] Problems with Redirect URI
Stian Thorgersen
stian at redhat.com
Thu Oct 2 02:30:27 EDT 2014
Did you
----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Thursday, 2 October, 2014 7:30:15 AM
> Subject: Re: [keycloak-user] Problems with Redirect URI
>
> Yes, but should I have to register that URI?
>
> I thought that the ssl-required option was only valid for communications with
> the keycloak server, not on how the keycloak server would respond to the
> application.
> The solution would be to register this https uri as a redirect_uri on my
> keycloak application?
>
> While we're on this topic I do have another question, that my superiors
> instructed me to ask:
>
> Is it unsafe to change my keycloak.json setting ssl-required to none?
> The problem I see is someone intercepting the access code returned by the
> server, is it possible for 2 requests with the same access code be processed
> returning a valid access token for both? Or is this code discarded somehow?
>
> Thank you again for all your help
>
> On Wed, Oct 1, 2014 at 4:57 PM, Bill Burke < bburke at redhat.com > wrote:
>
>
> https://www.domain.com:8443 is a different uri than
> http://www.domain.com . If you don't change the redirect uri pattern in
> the admin console for the app, then the server will not recognize the
> https uri as valid.
>
> On 10/1/2014 3:10 PM, Rodrigo Sasaki wrote:
> > Hello,
> >
> > We tried to deploy our server in production today, protected with
> > Keycloak but we had some issues.
> >
> > When we tried to access one of our resources, the redirect_uri was
> > altered to one we didn't have registered.
> >
> > Our original uri was something like this: * http://www.domain.com/resource*
> >
> > and it got changed to: * https://www.domain.com:8443/resource*
> >
> > changing the protocol to https and adding the 8443 port, and that
> > specific uri isn't registered for us, so the server returned saying it
> > was an invalid redirect_uri
> >
> > Is this a normal behavior? Should we have configured something else?
> >
> > Thanks!
> >
> > --
> > Rodrigo Sasaki
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> --
> Rodrigo Sasaki
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list