[keycloak-user] Very strange behavior when access to IDP from SpringSecurity adapter over HTTPS.

Michael Furman michael_furman at hotmail.com
Tue Dec 13 05:44:12 EST 2016


Example 2:
SpringSecurity adapter RP is over HTTPS (the client configuration in the IDP is also configured for HTTPS)
IDP is over HTTP

Example 3:
SpringSecurity adapter RP is over HTTP (the client configuration in the IDP is also configured for HTTP)
IDP is over HTTP

BTW,
Example 1:
SpringSecurity adapter RP is over HTTPS (the client configuration in the IDP is also configured for HTTPS)
IDP is over HTTPS



________________________________
From: Sebastien Blanc <sblanc at redhat.com>
Sent: Tuesday, December 13, 2016 12:23 PM
To: Michael Furman
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Very strange behavior when access to IDP from SpringSecurity adapter over HTTPS.

What is the difference between your example 2 and example 3?

On Tue, Dec 13, 2016 at 11:12 AM, Michael Furman <michael_furman at hotmail.com> wrote:
Hi all,
I try to access from the SpringSecurity adapter over HTTPS without success.
When I try to access the IDP over HTTPS, the redirect_uri is replaced with localhost:

https://192.168.110.2:8443/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=testclient&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fapp%2Fsso%2Flogin&state=0%2Fdb8aabf5-0756-4eef-992f-ba1e3eae8084&login=true&scope=openid

Then I get this error in UI:
WE'RE SORRY ...
Invalid parameter: redirect_uri

Similarly, when I try to access the IDP over HTTP, the redirect_uri is replaced with localhost:
http://192.168.110.2:9080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=testclient&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fapp%2Fsso%2Flogin&state=0%2F66c8bcdb-7ebc-4812-afb6-07d0a7f4bc99&login=true&scope=openid

Same error in UI:
WE'RE SORRY ...
Invalid parameter: redirect_uri

Only if I access from the SpringSecurity adapter over HTTP does the redirect_uri have the correct value, and it works:
http://192.168.110.2:9080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=testclient&redirect_uri=http%3A%2F%2F192.168.110.2%3A8081%2Fapp%2Fsso%2Flogin&state=2%2F7553a833-0fdf-48e8-afc2-c882c9625479&login=true&scope=openid

Finally I can see the login page.
What is wrong in my configurations?
Any help will be appreciated.
Best regards,
   Michael

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
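Added example, not part of the original messages: a small check that decodes the redirect_uri from the authorization requests quoted in the thread and reports which components differ from a client's registered redirect URIs. The registered URI values are constructed (the thread never shows them), and the matching rule (exact match, or prefix match for a trailing `*`) is a simplified model, not Keycloak's own code.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization requests copied from the thread: one rejected, one accepted.
REJECTED = "https://192.168.110.2:8443/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=testclient&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fapp%2Fsso%2Flogin&state=0%2Fdb8aabf5-0756-4eef-992f-ba1e3eae8084&login=true&scope=openid"
ACCEPTED = "http://192.168.110.2:9080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=testclient&redirect_uri=http%3A%2F%2F192.168.110.2%3A8081%2Fapp%2Fsso%2Flogin&state=2%2F7553a833-0fdf-48e8-afc2-c882c9625479&login=true&scope=openid"
# Constructed values (assumption): stand-ins for the client's registered redirect URIs.
REGISTERED_HTTPS = ["https://192.168.110.2:8081/app/*"]
REGISTERED_HTTP = ["http://192.168.110.2:8081/app/*"]

def redirect_uri_of(auth_url):
    """Return the percent-decoded redirect_uri of an authorization request URL."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri")
    if not values or len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def matches(redirect_uri, pattern):
    """Simplified model: exact match, or prefix match when the pattern ends in '*'."""
    if pattern.endswith("*"):
        return redirect_uri.startswith(pattern[:-1])
    return redirect_uri == pattern

def diagnose(auth_url, registered):
    """Return [] if redirect_uri is accepted, else (pattern, differing components) pairs."""
    sent = redirect_uri_of(auth_url)
    if any(matches(sent, p) for p in registered):
        return []
    s = urlsplit(sent)
    findings = []
    for p in registered:
        r = urlsplit(p.rstrip("*"))
        pairs = (("scheme", s.scheme, r.scheme),
                 ("host", s.hostname, r.hostname),
                 ("port", s.port, r.port))
        diffs = [name for name, a, b in pairs if a != b]
        if not diffs and not s.path.startswith(r.path):
            diffs = ["path"]
        findings.append((p, diffs))
    return findings

if __name__ == "__main__":
    for label, url in (("rejected", REJECTED), ("accepted", ACCEPTED)):
        print(label, redirect_uri_of(url), diagnose(url, REGISTERED_HTTPS))
```
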