[keycloak-user] Wrapping Keycloak under Nginx - redirect_uri problems

Stian Thorgersen sthorger at redhat.com
Fri Sep 18 06:59:55 EDT 2015


The * can only be on the end of the valid redirect uri. So you need to
specify 'https://my-client.pibenchmark.com/*' or simply '*'. The latter not
being a good idea obviously.

On 18 September 2015 at 12:42, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:

> Hi, I'm trying to wrap Keycloak behind Nginx for a client and I can't work
> out how to
> avoid the invalid parameter: redirect_uri problem.
>
> Website is https://my-client.pibenchmark.com
>
> In nginx:
> location /auth {
>     proxy_pass https://auth-service;
> }
>
> upstream auth-service {
>     server my-keycloak:8443;
> }
>
> Then in Keycloak I have valid redirect URIs set to https://*.
> pibenchmark.com/* ie my whole domain. Still getting invalid parameter:
> redirect_uri though.
>
> What am I doing wrong? Can I do this this way? I like to have one point of
> contact with the internet for security reasons.
>
>
> *Kevin Thorpe*
> CTO, PI Limited
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/100d482a/attachment.html 


More information about the keycloak-user mailing list