Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8310

Fixed Hostname provider SPI doesn't support URL schema

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 4.6.0.Final
    • 4.3.0.Final
    • None
    • Keycloak Sprint 13
    • Hide

      Set a fixed url

      <spi name="hostname">
    <default-provider>fixed</default-provider>
    <provider name="fixed" enabled="true">
        <properties>
            <property name="hostname" value="auth.example.com"/>
            <property name="httpPort" value="-1"/>
            <property name="httpsPort" value="-1"/>
        </properties>
    </provider>
</spi>

      Have a frontend application to authenticate against the server through https.
      Send the obtained token to another application needing to interact with keycloak, e.g. exchanging tokens.
      Send that token to keycloak for exchange through http as it's bound to localhost.

      Then:
      expected issuer will fail because of the schema not matching.

      Show
      Set a fixed url <spi name= "hostname" > < default -provider>fixed</ default -provider> <provider name= "fixed" enabled= " true " > <properties> <property name= "hostname" value= "auth.example.com" /> <property name= "httpPort" value= "-1" /> <property name= "httpsPort" value= "-1" /> </properties> </provider> </spi> Have a frontend application to authenticate against the server through https. Send the obtained token to another application needing to interact with keycloak, e.g. exchanging tokens. Send that token to keycloak for exchange through http as it's bound to localhost. Then: expected issuer will fail because of the schema not matching.
    • NEW
    • NEW

    Description

      The fixed hostname provider doesn't support the schema creating problems for backend applications running in localhost or being routed through a host that does not allow schemas.

      This is particularly problematic when deploying on docker containers where different components talk to keycloak through different channels.

      Attachments

        Issue Links

          is caused by

          Feature Request - Feature requests from customers and/or users KEYCLOAK-7967 Hostname SPI

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6073 Add support for OpenID Connect Discovery to Java adapters

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: KEYCLOAK

              People

                sthorger@redhat.com Stian Thorgersen
                fernando.mayoral Fernando Mayoral (Inactive)
                Votes:
                3 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: