Relative redirect_uri handling is broken in RH-SSO 7.4 and later versions
Issue
- Getting an `invalid parameter: redirect_uri` error during login, with the following messages recorded in the SSO logs:
DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (default task-50) replacing relative valid redirect with: http://mydomain/redirect
WARN [org.keycloak.events] (default task-50) type=LOGIN_ERROR, realmId=myrealm, clientId=myclient, userId=null, ipAddress=x.x.x.x, error=invalid_redirect_uri, redirect_uri=/redirect
Environment
- Red Hat Single Sign-On (RH-SSO)
- 7.4.0+
- Having a `/redirect` entry added in the Valid Redirect URIs field of a client configuration in Keycloak, and the client's redirect set to `redirect_uri=/redirect`
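An added log-triage helper for the symptom above (written for this page; it is not code from the article or from Red Hat). It parses the `org.keycloak.events` line into its `key=value` fields, flags `LOGIN_ERROR` events with `error=invalid_redirect_uri` whose `redirect_uri` is relative, and pulls the absolute URL that the `RedirectUtils` DEBUG line reports substituting for the relative allow-list entry. The third log line in the sample and its `https://app.example.com/cb` URL are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the two lines quoted in the article plus one extra
# LOGIN_ERROR whose redirect_uri is absolute, to show that only the
# relative case is flagged. The absolute URL is a made-up placeholder.
SAMPLE_LOG = """\
DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (default task-50) replacing relative valid redirect with: http://mydomain/redirect
WARN [org.keycloak.events] (default task-50) type=LOGIN_ERROR, realmId=myrealm, clientId=myclient, userId=null, ipAddress=x.x.x.x, error=invalid_redirect_uri, redirect_uri=/redirect
WARN [org.keycloak.events] (default task-51) type=LOGIN_ERROR, realmId=myrealm, clientId=otherclient, userId=null, ipAddress=x.x.x.x, error=invalid_redirect_uri, redirect_uri=https://app.example.com/cb
"""

EVENT_MARKER = "[org.keycloak.events]"
RESOLVED_RE = re.compile(r"replacing relative valid redirect with: (\S+)")
FIELD_RE = re.compile(r"(\w+)=([^,]*)")

def parse_event(line):
    """Turn the key=value part of an org.keycloak.events line into a dict."""
    if EVENT_MARKER not in line:
        return None
    _, _, fields = line.partition(") ")  # drop the "(default task-N)" prefix
    return {k: v.strip() for k, v in FIELD_RE.findall(fields)}

def is_relative(uri):
    """A redirect_uri with neither scheme nor host (e.g. "/redirect") is relative."""
    parsed = urlparse(uri)
    return not parsed.scheme and not parsed.netloc

def find_relative_redirect_errors(log_text):
    """LOGIN_ERROR events with error=invalid_redirect_uri and a relative redirect_uri."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if (ev and ev.get("type") == "LOGIN_ERROR"
                and ev.get("error") == "invalid_redirect_uri"
                and is_relative(ev.get("redirect_uri", ""))):
            hits.append(ev)
    return hits

def resolved_valid_redirects(log_text):
    """Absolute URLs RedirectUtils reports substituting for relative allow-list entries."""
    return [m.group(1) for m in RESOLVED_RE.finditer(log_text)]

if __name__ == "__main__":
    for ev in find_relative_redirect_errors(SAMPLE_LOG):
        print(f"realm={ev['realmId']} client={ev['clientId']} requested={ev['redirect_uri']!r} "
              f"allow-list entry resolved to={resolved_valid_redirects(SAMPLE_LOG)}")
```

Run over a real `server.log` the two functions show side by side the relative value the client sent and the absolute value the allow-list entry was turned into, which is the mismatch behind the `invalid_redirect_uri` event.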