  1. Keycloak
  2. KEYCLOAK-7237

Redirect URI is adding port zero to the url

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: 3.4.3.Final
    • Fix Version/s: None
    • Component/s: Adapter - JEE
    • Labels:
      None
    • Steps to Reproduce:
      • Open the application
      • The application sees that the user is not logged in, and the user is thus redirected to the SSO login page
      • User logs in with the user name and password
      • The page redirects after successful authentication
      • The request fails as the redirect URL has port 0 in it
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hi Team,

      We have a JSP + MVC server based application deployed on JBoss which we are integrating with Keycloak to enable SSO.

      For this we installed the adapter on JBoss and configured the application using keycloak.json and the web.xml auth method change.

      However, after changing the application, when we deploy it and validate the changes, we can see a weird redirect_uri.

      DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] Sending redirect to login page: https://sso.qa.xx.com/auth/realms/xx-external/protocol/openid-connect/auth?response_type=code&client_id=https%3A%2F%2Fwww.qa.xx.com%2Fwapps%2Fyyyy-oidc&redirect_uri=https%3A%2F%2Fwww.qa.xx.com%3A0%2Fwapps%2Fyyyy%2Fprotected%2Flist.html&state=5dd95daa-9854-47e5-8912-46d5d7fbb8c1&login=true&scope=openid

      If you look closely, we are getting port 0 added, and hence the whole URL becomes wrong and the login flow fails.

      I am analyzing the code to see why this is happening, but wanted to raise this as an incident as I feel that the port conditions are not handling all the cases correctly.

      log.debugf("callback uri: %s", url);

      if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
          int port = sslRedirectPort();
          if (port < 0) {
              // disabled?
              return null;
          }
          // rebuild the callback as https, first clearing any existing port (-1)
          KeycloakUriBuilder secureUrl = KeycloakUriBuilder.fromUri(url).scheme("https").port(-1);
          // only 443 is left out; any other value, including 0, is set as the port
          if (port != 443) secureUrl.port(port);
          url = secureUrl.build().toString();
      }
      

            People

            Assignee:
            Unassigned
            Reporter:
            pulgupta Pulkit Gupta (Inactive)
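
Added example (not Keycloak adapter code and not from the reporter): one way to guard the port when a callback URL is rebuilt as HTTPS, so that 0 or an out-of-range value is rejected instead of being written into redirect_uri. The class and method names are hypothetical, and the sample URL is constructed from the host and path in the log line above; it uses only java.net.URI.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectPortGuard {

    // Rebuilds the URL as https. java.net.URI uses -1 for "no port in the URL".
    private static String rebuild(URI u, int port) throws URISyntaxException {
        return new URI("https", u.getUserInfo(), u.getHost(), port,
                       u.getPath(), u.getQuery(), u.getFragment()).toString();
    }

    // Mirrors only the `port != 443` condition from the snippet in the report:
    // a configured value of 0 is written into the URL as ":0".
    static String naiveHttps(String url, int port) throws URISyntaxException {
        return rebuild(new URI(url), port != 443 ? port : -1);
    }

    // Guarded variant (assumption: an unusable port should fail loudly
    // instead of producing a redirect_uri that can never be reached).
    static String guardedHttps(String url, int port) throws URISyntaxException {
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("unusable SSL redirect port: " + port);
        }
        return rebuild(new URI(url), port == 443 ? -1 : port);
    }

    // Last check before sending the redirect: an explicit port must be 1..65535.
    static boolean hasUsablePort(String redirectUri) throws URISyntaxException {
        int p = new URI(redirectUri).getPort();
        return p == -1 || (p >= 1 && p <= 65535);
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample input, not a captured request.
        String callback = "http://www.qa.xx.com/wapps/yyyy/protected/list.html";

        String bad = naiveHttps(callback, 0);
        System.out.println(bad + " usable=" + hasUsablePort(bad));

        String good = guardedHttps(callback, 8443);
        System.out.println(good + " usable=" + hasUsablePort(good));
        System.out.println(guardedHttps(callback, 443));

        try {
            guardedHttps(callback, 0);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```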