[keycloak-user] KEYCLOAK-7237 : Redirect URI is adding port zero to the url

Shawn Fu Sheng shawn at victz.com
Sat Jun 30 10:17:14 EDT 2018


Dear keycloak team,

I encountered redirect_uri error. Found same issue logged at below JIRA, just want to check any work around? Anyone can help? Thank you in advance.

KEYCLOAK-7237 <https://issues.jboss.org/browse/KEYCLOAK-7237>

2018-06-30 11:34:13,996 WARN  [org.keycloak.events] (default task-8) type=LOGIN_ERROR, realmId=Victz, clientId=portal, userId=null, ipAddress=175.156.168.158, error=invalid_redirect_uri, redirect_uri=https://www.mydomain.com:0/home <https://www.mydomain.com:0/home>

I am using apache http reverse proxy running on centos7, wildly 10, keycloak 3.4.3. has also tried in below environment but same error.

Tried in 
wildly 10, wildly 11, jboss 7.1 
Keycloak 3.4.3 as well as keycloak 4.0

Also tried shutdown apache http and access directly to http://www.mydomain.com:8080/home <http://www.mydomain.com:8080/home> , but seems return_uri automatically been converted to https with port 0. 

Please see below standalone.xml, tried removed below config in red but no luck. 

        <subsystem xmlns="urn:jboss:domain:undertow:4.0">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" proxy-address-forwarding="true" security-realm="ApplicationRealm" enable-http2="true"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <location name="/drive" handler="drive"/>
                    <access-log pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{i,Referer}&quot; &quot;%{i,User-Agent}&quot; &quot;%{i,COOKIE}&quot; &quot;%{o,SET-COOKIE}&quot; %S &quot;%I %T&quot;" prefix="access."/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                    <http-invoker security-realm="ApplicationRealm"/>
                </host>
                <host name="mydomain1" alias="mydomain1.com,www.mydomain1.com" default-web-module=“mydomain-0.1.war">
                    <location name="/drive" handler="drive”/>
                    <filter-ref name="proxy-peer"/>
                    <filter-ref name="request-dumper" priority="30"/>
                </host>
                <host name="mydomain2" alias="mydomain2.com,www.mydomain2.com" default-web-module="mydomain2-0.1.war">
                    <location name="/drive" handler="drive"/>
                    <filter-ref name="proxy-peer"/>
                    <filter-ref name="request-dumper" priority="30"/>
                </host>
                <host name="mydomain3" alias="mydomain3.com,www.mydomain3.com" default-web-module="mydomain3-0.1.war">
                    <location name="/drive" handler="drive"/>
                    <filter-ref name="proxy-peer"/>
                    <filter-ref name="request-dumper" priority="30"/>
                </host>

            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
            </servlet-container>
            <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
                <file name="drive" path="/app/drive"/>
            </handlers>
            <filters>
                <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
                <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
                <filter name="proxy-peer" class-name="io.undertow.server.handlers.ProxyPeerAddressHandler" module="io.undertow.core"/>
                <filter name="request-dumper" class-name="io.undertow.server.handlers.RequestDumpingHandler" module="io.undertow.core"/>
            </filters>
        </subsystem>

Rds,
Shawn


More information about the keycloak-user mailing list