Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8310

Fixed Hostname provider SPI doesn't support URL schema

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 4.3.0.Final
    • Fix Version/s: 4.6.0.Final
    • Component/s: None
    • Labels:
    • Sprint:
      Keycloak Sprint 13
    • Steps to Reproduce:
      Hide

      Set a fixed url

      <spi name="hostname">
          <default-provider>fixed</default-provider>
          <provider name="fixed" enabled="true">
              <properties>
                  <property name="hostname" value="auth.example.com"/>
                  <property name="httpPort" value="-1"/>
                  <property name="httpsPort" value="-1"/>
              </properties>
          </provider>
      </spi>
      

      Have a frontend application to authenticate against the server through https.
      Send the obtained token to another application needing to interact with keycloak, e.g. exchanging tokens.
      Send that token to keycloak for exchange through http as it's bound to localhost.

      Then:
      expected issuer will fail because of the schema not matching.

      Show
      Set a fixed url <spi name= "hostname" > < default -provider>fixed</ default -provider> <provider name= "fixed" enabled= " true " > <properties> <property name= "hostname" value= "auth.example.com" /> <property name= "httpPort" value= "-1" /> <property name= "httpsPort" value= "-1" /> </properties> </provider> </spi> Have a frontend application to authenticate against the server through https. Send the obtained token to another application needing to interact with keycloak, e.g. exchanging tokens. Send that token to keycloak for exchange through http as it's bound to localhost. Then: expected issuer will fail because of the schema not matching.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      The fixed hostname provider doesn't support the schema creating problems for backend applications running in localhost or being routed through a host that does not allow schemas.

      This is particularly problematic when deploying on docker containers where different components talk to keycloak through different channels.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  stianst Stian Thorgersen
                  Reporter:
                  fmayoral.practiv Fernando Mayoral
                • Votes:
                  3 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: