[keycloak-user] Very strange behavior when access to IDP from SpringSecurity adapter over HTTPS.
Sebastien Blanc
sblanc at redhat.com
Tue Dec 13 06:17:36 EST 2016
And I assume you are setting ssl-required in the keycloak.json ?
On Tue, Dec 13, 2016 at 11:44 AM, Michael Furman <michael_furman at hotmail.com
> wrote:
> Example 2:
>
> SpringSecurity adapter RP is over HTTPS (the client configuration in IDP
> configured also HTTPS)
>
> IDP is over HTTP
>
>
>
> Example 3:
>
> SpringSecurity adapter RP is over HTTP (the client configuration in IDP
> configured also HTTP)
>
> IDP is over HTTP
>
>
>
> BTW,
>
> Example 1:
>
> SpringSecurity adapter RP is over HTTPS (the client configuration in IDP
> configured also HTTPS)
>
> IDP is over HTTPS
>
>
>
> ------------------------------
> *From:* Sebastien Blanc <sblanc at redhat.com>
> *Sent:* Tuesday, December 13, 2016 12:23 PM
> *To:* Michael Furman
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Very strange behavior when access to IDP
> from SpringSecurity adapter over HTTPS.
>
> What is the difference between your example 2 and example 3 ?
>
> On Tue, Dec 13, 2016 at 11:12 AM, Michael Furman <
> michael_furman at hotmail.com> wrote:
>
>> Hi all,
>> I try to access from SpringSecurity adapter over HTTPS without success.
>> When I try to access to IDP over HTTPS the redirect_uri is replaced to
>> localhost:
>>
>> https://192.168.110.2:8443/auth/realms/master/protocol/openi
>> d-connect/auth?response_type=code&client_id=testclient&
>> redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fapp%
>> 2Fsso%2Flogin&state=0%2Fdb8aabf5-0756-4eef-992f-ba1e3eae8084
>> &login=true&scope=openid
>>
>> Then I get this error in UI:
>> WE'RE SORRY ...
>> Invalid parameter: redirect_uri
>>
>> Similar, when I try to access to IDP over HTTP, the redirect_uri is
>> replaced to localhost:
>> http://192.168.110.2:9080/auth/realms/master/protocol/openid
>> -connect/auth?response_type=code&client_id=testclient&
>> redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fapp%
>> 2Fsso%2Flogin&state=0%2F66c8bcdb-7ebc-4812-afb6-07d0a7f4bc99
>> &login=true&scope=openid
>>
>> Same error in UI:
>> WE'RE SORRY ...
>> Invalid parameter: redirect_uri
>>
>> Only if I access from SpringSecurity adapter over HTTP the redirect_uri
>> has correct value and it works:
>> http://192.168.110.2:9080/auth/realms/master/protocol/openid
>> -connect/auth?response_type=code&client_id=testclient&
>> redirect_uri=http%3A%2F%2F192.168.110.2%3A8081%2Fapp%2Fsso%
>> 2Flogin&state=2%2F7553a833-0fdf-48e8-afc2-c882c9625479&
>> login=true&scope=openid
>>
>> Finally I can see the login page.
>> What wrong in my configurations?
>> Any help will be appreciated.
>> Best regards,
>> Michael
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
More information about the keycloak-user
mailing list