[keycloak-user] Setting custom redirect URI in SAML Identity Provider

Edgar Vonk - Info.nl Edgar at info.nl
Wed Feb 27 05:25:17 EST 2019


I now realise that the host name in the redirect URI is simply set using the current request (i.e. the URL in the browser) so it should just work in our reverse-proxy setup without having to change any of the bind addresses. We hope.. ;-)

On 27 Feb 2019, at 09:19, Luis Rodríguez Fernández <uo67113 at gmail.com<mailto:uo67113 at gmail.com>> wrote:

Hello Edgar,

mmm, perhaps you can specify a different bind address [1]

Hope it helps,


[1] https://www.keycloak.org/docs/latest/server_installation/index.html#_network

El mar., 26 feb. 2019 a las 17:04, Edgar Vonk - Info.nl<http://Info.nl> (<Edgar at info.nl<mailto:Edgar at info.nl>>) escribió:

We use a SAML Identity Provider configuration in Keycloak to broker identities to an external SAML-based Identity Provider. This works fine but now we have the requirement that after authentication the user needs to be redirected first to a reverse-proxy and only then back to us (as in: Keycloak). I.e. we need to configure a custom redirect URI in our SAML Identity Provider in Keycloak..

However this redirect URI seems to be generated on-the-fly in Keycloak and the hostname part seems always set to the host where Keycloak runs on?

Our question is: is this redirect URI configurable at all and if not, how could we go about setting it ourselves (the hostname part at least)? I guess that we would need to create our own custom Identity Provider (e.g. extension of the SAMLIdentityProvider and related Java classes) and install this in Keycloak?
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>


"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

More information about the keycloak-user mailing list