[keycloak-user] Invalid parameter: redirect_uri
Stian Thorgersen
sthorger at redhat.com
Fri Mar 18 07:30:40 EDT 2016
Localhost can only be used to access your app if you have a valid redirect
uri for it. Same goes for the other hostname. You can of course add both if
you want.
On 15 Mar 2016 20:48, "Chris Raiskin" <Chris.Raiskin at standard.com> wrote:
> It looks like, if I run the demo using “localhost” in the URL. i.e.
>
> http://localhost:8080/customer-portal
>
> then I get “error=invalid_redirect_uri”
>
> However, if I run the demo using
>
> http://wildfly.blah.com:8080/customer-portal
>
> then keycloak responds with the login challenge as expected.
>
>
>
> On the keycloak side, this client is configured with the following “Valid
> Redirect URI”
>
> Valid Redirect URI
> http://wildfly.blah.com:8080/customer-portal/*
>
>
>
> According to the tooltip, the Request’s host:port will be used if a
> relative Redirect URI is configured.
>
> The above redirect URI is an absolute path so this URL should be used
> regardless of whether I use “localhost” or hostname in the request.
>
>
>
> Why error=invalid_redirect_uri?
>
>
>
>
>
>
>
> *From:* Chris Raiskin
> *Sent:* Tuesday, March 15, 2016 11:21 AM
> *To:* 'stian at redhat.com'
> *Cc:* keycloak-user
> *Subject:* RE: [keycloak-user] Invalid parameter: redirect_uri
>
>
>
> Yes, I did modify the client redirect uri - “customer-portal” client has
> the following URI configuration:
>
>
>
> Root: http://wildfly.blah.com:8080/customer-portal/
>
> Valid Redirect URIs:
>
> http://wildfly.blah.com:8080/customer-portal/*
>
> Admin URL:
>
> http://wildfly.blah.com:8080/customer-portal/
>
> Web Origins:
>
> http://wildfly.blah.com:8080
>
>
>
>
>
> It looks like the error is triggered by “customer listing” link trying to
> execute customer-portal/view.jsp
>
>
>
> keycloak log shows the following entry where redirect_uri will be
>
> localhost if I use
> http://localhost:8080/customer-portal/
>
> or
>
> wildfly.blah.com if I use
> http://wildfly.blah.com:8080/customer-portal/
>
>
>
> 10:07:06,173 WARN [org.keycloak.events] (default task-3)
> type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null,
> ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code,
> redirect_uri=http://wildfly.blah.com:8080/customer-portal/customers/view.jsp,
> response_mode=query
>
>
>
>
>
> I modified the relevant portion of view.jsp but it doesn’t change the
> outcome..
>
>
>
> <%
> String logoutUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080//auth")
>     .path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
>     .queryParam("redirect_uri", "http://wildfly.blah.com:8080/customer-portal").build("demo")
>     .toString();
> String acctUri = KeycloakUriBuilder.fromUri("http://wildfly.blah.com:8080/auth")
>     .path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
>     .queryParam("referrer", "customer-portal").build("demo")
>     .toString();
> IDToken idToken = CustomerDatabaseClient.getIDToken(request);
> %>
>
>
>
>
>
> Any other leads, please?
>
>
>
>
>
>
>
> *From:* Stian Thorgersen [mailto:sthorger at redhat.com]
>
> *Sent:* Sunday, March 13, 2016 11:44 PM
> *To:* Chris Raiskin
> *Cc:* keycloak-user
> *Subject:* Re: [keycloak-user] Invalid parameter: redirect_uri
>
>
>
> Did you change the redirect uri for the client? The default configuration
> of the demo assumes it'll be deployed on the same hostname as the Keycloak
> server. You can change this in the Keycloak admin console after importing
> the realm config from the demo. Simplest is to add a root url for the
> client.
>
> On 11 Mar 2016 19:32, "Chris Raiskin" <Chris.Raiskin at standard.com> wrote:
>
> Hello
>
>
>
> I’m following The Basic Part 2 tutorial
> <https://www.youtube.com/watch?v=NMj4avFLMJ0>
> with keycloak 1.9.0 with the purpose of demo’ing keycloak to the team.
>
>
>
> The only difference in my set up is that I have the keycloak server on a
> separate host from the wildfly server running the demo apps.
>
> When I hit “Customer Listing” link, I get
>
>
>
> WE’RE SORRY…
>
> Invalid parameter: redirect_uri
>
>
>
> displayed by the keycloak server.
>
>
>
>
> http://keycloak.blah.com:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&state=1%2Fe1f42109-1372-4808-98aa-6cd5bbb0b9ac&login=true
>
>
>
> I can see that the redirect_uri is referencing “localhost” both from the
> URL above and the keycloak log entry:
>
>
>
> 11:21:52,483 WARN [org.keycloak.events] (default task-75)
> type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null,
> ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code,
> redirect_uri=http://localhost:8080/customer-portal/customers/view.jsp,
> response_mode=query
>
>
>
> but I’m not sure where “localhost” is coming from b/c the “valid redirect
> uri” for this Client/Application is configured like this:
>
>
>
> * Valid Redirect URIs
> http://wildfly.blah.com:8080/customer-portal/*
>
>
>
>
>
> Any help would be appreciated.
>
> Thanks
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
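
The rejection discussed in this thread, as an added example (not part of the original messages and not Keycloak's own code): a simplified model of redirect URI checking run over the first LOGIN_ERROR event quoted above. The function names and the matching rule (exact match, or prefix match for a pattern ending in `*`) are assumptions for illustration; the event line and the registered pattern are copied from the thread.

```python
import re
from urllib.parse import urlsplit

# "Valid Redirect URIs" value quoted in the thread.
VALID_REDIRECT_URIS = ["http://wildfly.blah.com:8080/customer-portal/*"]

# LOGIN_ERROR event quoted in the thread, rejoined onto one line.
SAMPLE_EVENT = (
    "11:21:52,483 WARN [org.keycloak.events] (default task-75) "
    "type=LOGIN_ERROR, realmId=demo, clientId=customer-portal, userId=null, "
    "ipAddress=192.168.1.3, error=invalid_redirect_uri, response_type=code, "
    "redirect_uri=http://localhost:8080/customer-portal/customers/view.jsp, "
    "response_mode=query"
)

def parse_event(line):
    """Return the key=value fields of an event log line as a dict."""
    return dict(re.findall(r"(\w+)=([^,\s]*)", line))

def matches(redirect_uri, pattern):
    """Assumed rule: exact match, or prefix match if the pattern ends in '*'."""
    candidate = redirect_uri.split("#", 1)[0].split("?", 1)[0]
    if pattern.endswith("*"):
        return candidate.startswith(pattern[:-1])
    return candidate == pattern

def explain(line, patterns):
    """Return (redirect_uri, allowed, reason) for one event line."""
    uri = parse_event(line).get("redirect_uri", "")
    if any(matches(uri, p) for p in patterns):
        return uri, True, "matches a registered pattern"
    sent = urlsplit(uri)
    registered = {tuple(urlsplit(p)[:2]) for p in patterns}
    if tuple(sent[:2]) not in registered:
        return uri, False, f"origin {sent.scheme}://{sent.netloc} is not registered"
    return uri, False, "origin is registered but the path is outside every pattern"

if __name__ == "__main__":
    # Only the wildfly.blah.com pattern is registered: the localhost URI is refused.
    print(explain(SAMPLE_EVENT, VALID_REDIRECT_URIS))
    # Registering both hostnames, as the reply suggests, lets the same request through.
    both = VALID_REDIRECT_URIS + ["http://localhost:8080/customer-portal/*"]
    print(explain(SAMPLE_EVENT, both))
```

The comparison is on the string the client sends, so two hostnames that reach the same server are still two different redirect URIs, and each one that users browse with needs its own entry.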