[keycloak-user] Very strange behavior when access to IDP from SpringSecurity adapter over HTTPS.

Sebastien Blanc sblanc at redhat.com
Tue Dec 13 05:23:33 EST 2016


What is the difference between your example 2 and example 3 ?

On Tue, Dec 13, 2016 at 11:12 AM, Michael Furman <michael_furman at hotmail.com
> wrote:

> Hi all,
> I try to access from SpringSecurity adapter over HTTPS without success.
> When I try to access to IDP over HTTPS the redirect_uri is replaced to
> localhost:
>
> https://192.168.110.2:8443/auth/realms/master/protocol/
> openid-connect/auth?response_type=code&client_id=
> testclient&redirect_uri=http%3A%2F%2Flocalhost%3A8081%
> 2Fapp%2Fsso%2Flogin&state=0%2Fdb8aabf5-0756-4eef-992f-
> ba1e3eae8084&login=true&scope=openid
>
> Then I get this error in UI:
> WE'RE SORRY ...
> Invalid parameter: redirect_uri
>
> Similar, when I try to access to IDP over HTTP, the redirect_uri is
> replaced to localhost:
> http://192.168.110.2:9080/auth/realms/master/protocol/
> openid-connect/auth?response_type=code&client_id=
> testclient&redirect_uri=http%3A%2F%2Flocalhost%3A8081%
> 2Fapp%2Fsso%2Flogin&state=0%2F66c8bcdb-7ebc-4812-afb6-
> 07d0a7f4bc99&login=true&scope=openid
>
> Same error in UI:
> WE'RE SORRY ...
> Invalid parameter: redirect_uri
>
> Only if I access from SpringSecurity adapter over HTTP the redirect_uri
> has correct value and it works:
> http://192.168.110.2:9080/auth/realms/master/protocol/
> openid-connect/auth?response_type=code&client_id=
> testclient&redirect_uri=http%3A%2F%2F192.168.110.2%3A8081%
> 2Fapp%2Fsso%2Flogin&state=2%2F7553a833-0fdf-48e8-afc2-
> c882c9625479&login=true&scope=openid
>
> Finally I can see the login page.
> What wrong in my configurations?
> Any help will be appreciated.
> Best regards,
>    Michael
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list