[keycloak-user] "Invalid parameter: redirect_uri"
Paul Blair
pblair at clearme.com
Mon Jan 4 19:16:36 EST 2016
I am using Keycloak with the apiman API manager. Both are on AWS and are behind Elastic Load Balancers (Keycloak is clustered using JDBC_PING). When I request the apiman admin UI page (https://[apimanLoadBalancer]/apimanui), I get redirected to the following URL:
https://[KeycloakLoadBalancer]/auth/realms/apiman/protocol/openid-connect/auth?response_type=code&client_id=apimanui&redirect_uri=https://[apimanLoadBalancer]/apimanui/index.html&state=3/c48eec70-0fe9-44bf-9802-a351353f7600&login=true
Keycloak then displays the error "We're Sorry... Invalid parameter: redirect_uri"
In the Keycloak log I see:
DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (default task-7) replacing relative valid redirect with: https://[KeycloakLoadBalancer]/apimanui/*
WARN [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=apiman, clientId=apimanui, userId=null, ipAddress=[IP], error=invalid_redirect_uri, response_type=code, redirect_uri=https://[apimanLoadBalancer]/apimanui/index.html, response_mode=query
This looks to me as though Keycloak thinks that the redirect URI is a relative path. I also notice that the query string parameters for redirect_uri are not URL encoded by apiman. Would this be the source of the problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160105/e0acceb4/attachment.html
More information about the keycloak-user
mailing list