[keycloak-user] Invalid parameter: redirect_uri

Chris Raiskin Chris.Raiskin at standard.com
Tue Mar 15 14:20:39 EDT 2016 

Yes, I did modify the client redirect uri - “customer-portal” client has the following URI configuration:

Root: http://wildfly.blah.com:8080/customer-portal/
Valid Redirect URIs:
                http://wildfly.blah.com:8080/customer-portal/*
Admin URL:
                http://wildfly.blah.com:8080/customer-portal/
Web Orgins:
                http://wildfly.blah.com:8080


It looks like the error is triggered by “customer listing” link trying to execute customer-portal/view.jsp

keycloak log shows the following entry  where redirect_uri will be
localhost                              if I use   http://localhost:8080/customer-portal/
or
wildfly.blah.com               if I use   http://wildfly.blah.com:8080/customer-portal/

10:07:06,173 WARN  [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code, redirect_uri=http://wildfly.blah.com:8080/customer-portal/customers/view.jsp, response_mode=query


I modified the relevant portion of view.jsp but it doesn’t change the outcome..

<%
    String logoutUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080//auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
            .queryParam("redirect_uri", "http://wildfly.blah.com:8080/customer-portal").build("demo").toString();
    String acctUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
            .queryParam("referrer", "customer-portal").build("demo").toString();
    IDToken idToken = CustomerDatabaseClient.getIDToken(request);
%>


Any other leads, please?



From: Stian Thorgersen [mailto:sthorger at redhat.com]
Sent: Sunday, March 13, 2016 11:44 PM
To: Chris Raiskin
Cc: keycloak-user
Subject: Re: [keycloak-user] Invalid parameter: redirect_uri


Did you change the redirect uri for the  client? The default configuration of the demo assumes it'll be deployed on the same hostname as the Keycloak server. You can change this in the Keycloak admin console after importing the realm config from the demo. Simplest is to add a root url for the client.
On 11 Mar 2016 19:32, "Chris Raiskin" <Chris.Raiskin at standard.com<mailto:Chris.Raiskin at standard.com>> wrote:
Hello

I’m following The Basic Part 2 tutorial<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DNMj4avFLMJ0&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=tVxpHdvAyvQ_m2W7UW5Wwb23I9mdfCSXpt5v8txpgf4&e=> with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.

The only difference in my set up is that I have the keycloak server on a separate host from the wildfly server running the demo apps.
When I hit “Customer Listing” link, I get

WE’RE SORRY…
Invalid parameter: redirect_uri

displayed by the keycloak server.

http://keycloak.blah.com:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&state=1%2Fe1f42109-1372-4808-98aa-6cd5bbb0b9ac&login=true<https://urldefense.proofpoint.com/v2/url?u=http-3A__keycloak.blah.com-3A8080_auth_realms_demo_protocol_openid-2Dconnect_auth-3Fresponse-5Ftype-3Dcode-26client-5Fid-3Dcustomer-2Dportal-26redirect-5Furi-3Dhttp-253A-252F-252Flocalhost-253A8080-252Fcustomer-2Dportal-252Fcustomers-252Fview.jsp-26state-3D1-252Fe1f42109-2D1372-2D4808-2D98aa-2D6cd5bbb0b9ac-26login-3Dtrue&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=MyBNLmc6pOBd754XkWkpNTxsi7apnZ6O7-QxQa2hmG4&e=>

I can see that the redirect_uri is referencing “localhost” both from the URL above and the keycloak log entry:

11:21:52,483 WARN  [org.keycloak.events] (default task-75) type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code, redirect_uri=http://localhost:8080/customer-portal/customers/view.jsp<https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_customer-2Dportal_customers_view.jsp&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=OsxiL6BeDU5D0QuOWHsVL0TZhWTXfDDZuYjobUgf7xc&e=>, response_mode=query

but I’m not sure where “localhost” is coming from b/c the “valid redirect uri” for this Client/Application is configured like this:

* Valid Redirect URIs            http://wildfly.blah.com:8080/customer-portal/*<https://urldefense.proofpoint.com/v2/url?u=http-3A__wildfly.blah.com-3A8080_customer-2Dportal_-2A&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=8oUcsCec-PLfXxS2uHDhpLYgpdaYRM-J2MJKRqG_0Jo&e=>


Any help would be appreciated.
Thanks

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=CwMFaQ&c=8cFkWstqZYH09bQ2dZGSn7GyHTMJxzHALGGH69mOKEE&r=1TR4HdObYiKwwIPu8Q_HN5YKoE7W_lcY4ts6qFGn6uc&m=UEHXY5Jo1AjWDXBs1qvRJAxNkeXqMTMVXqpIkfuxiMM&s=jpaSijfGCGACbVftNPd2qMs4jGGImBmNNU9J0eDzs-0&e=>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160315/d375ed0d/attachment-0001.html

More information about the keycloak-user mailing list