[keycloak-user] Invalid parameter: redirect_uri
Chris Raiskin
Chris.Raiskin at standard.com
Tue Mar 15 14:20:39 EDT 2016
Yes, I did modify the client redirect uri - “customer-portal” client has the following URI configuration:
Root: http://wildfly.blah.com:8080/customer-portal/
Valid Redirect URIs:
http://wildfly.blah.com:8080/customer-portal/*
Admin URL:
http://wildfly.blah.com:8080/customer-portal/
Web Orgins:
http://wildfly.blah.com:8080
It looks like the error is triggered by “customer listing” link trying to execute customer-portal/view.jsp
keycloak log shows the following entry where redirect_uri will be
localhost if I use http://localhost:8080/customer-portal/
or
wildfly.blah.com if I use http://wildfly.blah.com:8080/customer-portal/
10:07:06,173 WARN [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code, redirect_uri=http://wildfly.blah.com:8080/customer-portal/customers/view.jsp, response_mode=query
I modified the relevant portion of view.jsp but it doesn’t change the outcome..
<%
String logoutUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080//auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", "http://wildfly.blah.com:8080/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
.queryParam("referrer", "customer-portal").build("demo").toString();
IDToken idToken = CustomerDatabaseClient.getIDToken(request);
%>
Any other leads, please?
From: Stian Thorgersen [mailto:sthorger at redhat.com]
Sent: Sunday, March 13, 2016 11:44 PM
To: Chris Raiskin
Cc: keycloak-user
Subject: Re: [keycloak-user] Invalid parameter: redirect_uri
Did you change the redirect uri for the client? The default configuration of the demo assumes it'll be deployed on the same hostname as the Keycloak server. You can change this in the Keycloak admin console after importing the realm config from the demo. Simplest is to add a root url for the client.
On 11 Mar 2016 19:32, "Chris Raiskin" <Chris.Raiskin at standard.com<mailto:Chris.Raiskin at standard.com>> wrote:
Hello
I’m following The Basic Part 2 tutorial<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DNMj4avFLMJ0&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=tVxpHdvAyvQ_m2W7UW5Wwb23I9mdfCSXpt5v8txpgf4&e=> with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.
The only difference in my set up is that I have the keycloak server on a separate host from the wildfly server running the demo apps.
When I hit “Customer Listing” link, I get
WE’RE SORRY…
Invalid parameter: redirect_uri
displayed by the keycloak server.
http://keycloak.blah.com:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&state=1%2Fe1f42109-1372-4808-98aa-6cd5bbb0b9ac&login=true<https://urldefense.proofpoint.com/v2/url?u=http-3A__keycloak.blah.com-3A8080_auth_realms_demo_protocol_openid-2Dconnect_auth-3Fresponse-5Ftype-3Dcode-26client-5Fid-3Dcustomer-2Dportal-26redirect-5Furi-3Dhttp-253A-252F-252Flocalhost-253A8080-252Fcustomer-2Dportal-252Fcustomers-252Fview.jsp-26state-3D1-252Fe1f42109-2D1372-2D4808-2D98aa-2D6cd5bbb0b9ac-26login-3Dtrue&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=MyBNLmc6pOBd754XkWkpNTxsi7apnZ6O7-QxQa2hmG4&e=>
I can see that the redirect_uri is referencing “localhost” both from the URL above and the keycloak log entry:
11:21:52,483 WARN [org.keycloak.events] (default task-75) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code, redirect_uri=http://localhost:8080/customer-portal/customers/view.jsp<https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_customer-2Dportal_customers_view.jsp&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=OsxiL6BeDU5D0QuOWHsVL0TZhWTXfDDZuYjobUgf7xc&e=>, response_mode=query
but I’m not sure where “localhost” is coming from b/c the “valid redirect uri” for this Client/Application is configured like this:
* Valid Redirect URIs http://wildfly.blah.com:8080/customer-portal/*<https://urldefense.proofpoint.com/v2/url?u=http-3A__wildfly.blah.com-3A8080_customer-2Dportal_-2A&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=8oUcsCec-PLfXxS2uHDhpLYgpdaYRM-J2MJKRqG_0Jo&e=>
Any help would be appreciated.
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=jpaSijfGCGACbVftNPd2qMs4jGGImBmNNU9J0eDzs-0&e=>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160315/d375ed0d/attachment-0001.html
More information about the keycloak-user
mailing list