[keycloak-user] KEYCLOAK-7237 : Redirect URI is adding port zero to the url

Shawn Fu Sheng shawn at victz.com
Mon Jul 2 04:23:17 EDT 2018


Dear team,

Just for your update, managed to work around this issue. Suspect the issue caused by apache reverse proxy.

Modified SSL require to none and it works ok now. 

Thanks and regards,
Shawn Fu Sheng

> On Jun 30, 2018, at 10:17 PM, Shawn Fu Sheng <shawn at victz.com> wrote:
> 
> 
> Dear keycloak team,
> 
> I encountered redirect_uri error. Found same issue logged at below JIRA, just want to check any work around? Anyone can help? Thank you in advance.
> 
> KEYCLOAK-7237
> 
> 2018-06-30 11:34:13,996 WARN  [org.keycloak.events] (default task-8) type=LOGIN_ERROR, realmId=Victz, clientId=portal, userId=null, ipAddress=175.156.168.158, error=invalid_redirect_uri, redirect_uri=https://www.mydomain.com:0/home
> 
> I am using apache http reverse proxy running on centos7, wildly 10, keycloak 3.4.3. has also tried in below environment but same error.
> 
> Tried in 
> wildly 10, wildly 11, jboss 7.1 
> Keycloak 3.4.3 as well as keycloak 4.0
> 
> Also tried shutdown apache http and access directly to http://www.mydomain.com:8080/home , but seems return_uri automatically been converted to https with port 0. 
> 
> Please see below standalone.xml, tried removed below config in red but no luck. 
> 
>         <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>             <buffer-cache name="default"/>
>             <server name="default-server">
>                 <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" enable-http2="true"/>
>                 <https-listener name="https" socket-binding="https" proxy-address-forwarding="true" security-realm="ApplicationRealm" enable-http2="true"/>
>                 <host name="default-host" alias="localhost">
>                     <location name="/" handler="welcome-content"/>
>                     <location name="/drive" handler="drive"/>
>                     <access-log pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{i,Referer}&quot; &quot;%{i,User-Agent}&quot; &quot;%{i,COOKIE}&quot; &quot;%{o,SET-COOKIE}&quot; %S &quot;%I %T&quot;" prefix="access."/>
>                     <filter-ref name="server-header"/>
>                     <filter-ref name="x-powered-by-header"/>
>                     <http-invoker security-realm="ApplicationRealm"/>
>                 </host>
>                 <host name="mydomain1" alias="mydomain1.com,www.mydomain1.com" default-web-module=“mydomain-0.1.war">
>                     <location name="/drive" handler="drive”/>
>                     <filter-ref name="proxy-peer"/>
>                     <filter-ref name="request-dumper" priority="30"/>
>                 </host>
>                 <host name="mydomain2" alias="mydomain2.com,www.mydomain2.com" default-web-module="mydomain2-0.1.war">
>                     <location name="/drive" handler="drive"/>
>                     <filter-ref name="proxy-peer"/>
>                     <filter-ref name="request-dumper" priority="30"/>
>                 </host>
>                 <host name="mydomain3" alias="mydomain3.com,www.mydomain3.com" default-web-module="mydomain3-0.1.war">
>                     <location name="/drive" handler="drive"/>
>                     <filter-ref name="proxy-peer"/>
>                     <filter-ref name="request-dumper" priority="30"/>
>                 </host>
> 
>             </server>
>             <servlet-container name="default">
>                 <jsp-config/>
>                 <websockets/>
>             </servlet-container>
>             <handlers>
>                 <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
>                 <file name="drive" path="/app/drive"/>
>             </handlers>
>             <filters>
>                 <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
>                 <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
>                 <filter name="proxy-peer" class-name="io.undertow.server.handlers.ProxyPeerAddressHandler" module="io.undertow.core"/>
>                 <filter name="request-dumper" class-name="io.undertow.server.handlers.RequestDumpingHandler" module="io.undertow.core"/>
>             </filters>
>         </subsystem>
> 
> Rds,
> Shawn


More information about the keycloak-user mailing list