Details
Bug
Status: Closed
Major
Resolution: Out of Date
3.4.3.Final
Description
Hi Team,
We have a JSP + MVC server based application deployed on JBoss which we are integrating with Keycloak to enable SSO.
For this we installed the adapter on JBoss and configured the application using keycloak.json and web.xml auth method change.
However, after changing the application, when we are deploying the application and validating the changes we can see some weird redirect_uri.
DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] Sending redirect to login page: https://sso.qa.xx.com/auth/realms/xx-external/protocol/openid-connect/auth?response_type=code&client_id=https%3A%2F%2Fwww.qa.xx.com%2Fwapps%2Fyyyy-oidc&redirect_uri=https%3A%2F%2Fwww.qa.xx.com%3A0%2Fwapps%2Fyyyy%2Fprotected%2Flist.html&state=5dd95daa-9854-47e5-8912-46d5d7fbb8c1&login=true&scope=openid
If you look closely we are getting port as 0 added and hence the whole url just becomes wrong and the login flow fails.
I am analyzing the code to see why this is happening but wanted to raise this as an incident as I feel that the port conditions are not handling all the cases correctly.
    log.debugf("callback uri: %s", url);
    if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
        int port = sslRedirectPort();
        if (port < 0) {
            // disabled?
            return null;
        }
        KeycloakUriBuilder secureUrl = KeycloakUriBuilder.fromUri(url).scheme("https").port(-1);
        if (port != 443) secureUrl.port(port);
        url = secureUrl.build().toString();
    }
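
The port conditions in the snippet above, reproduced as an added example that is not part of the original report and is not Keycloak's code. It uses java.net.URI in place of KeycloakUriBuilder; the class name, method names, the sample URL and the stricter range check are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration: mirrors the port checks quoted in the report.
// Class and method names are hypothetical.
public class RedirectPortCheck {

    // Same conditions as the quoted snippet: only a negative port is treated
    // as "disabled" and only 443 is treated as the default, so a value of 0
    // passes both checks and is written into the URL as ":0".
    static String asQuoted(String url, int sslRedirectPort) throws URISyntaxException {
        if (sslRedirectPort < 0) {
            return null;
        }
        URI u = new URI(url);
        int port = (sslRedirectPort != 443) ? sslRedirectPort : -1; // -1 = omit port
        return new URI("https", u.getUserInfo(), u.getHost(), port,
                u.getPath(), u.getQuery(), u.getFragment()).toString();
    }

    // Stricter variant (an assumption about the desired behaviour, not the
    // project's fix): a port outside 1..65535 is rejected instead of ending
    // up in redirect_uri.
    static String validated(String url, int sslRedirectPort) throws URISyntaxException {
        if (sslRedirectPort < 1 || sslRedirectPort > 65535) {
            return null;
        }
        return asQuoted(url, sslRedirectPort);
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample URL, shaped like the one in the log line above.
        String url = "http://www.qa.example.com/wapps/yyyy/protected/list.html";
        for (int port : new int[] {-1, 0, 443, 8443}) {
            System.out.printf("port=%5d quoted=%s validated=%s%n",
                    port, asQuoted(url, port), validated(url, port));
        }
    }
}
```

For port 0 the first method returns a URL containing `:0`, matching the `%3A0` seen in the logged redirect_uri, while the stricter variant returns null for it.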