The OpenID Connect 1.0 spec recommends whitelisting the URLs to which the IdP is allowed to redirect back to the IAM. This prevents MITM interception and similar redirection attacks.
In the spec this is an OPTIONAL parameter; however, from Authenticate 1.2.78 onwards it is a REQUIRED parameter.
For redirecting back to KeyCloak, this parameter must be of the form:
https://[iam-address]/auth/realms/[keycloak-realm]/broker/oidc/endpoint
E.g. if your IAM is at address https://iam.demo.haventec.com and your realm is 'acme', then the URL must be:
https://iam.demo.haventec.com/auth/realms/acme/broker/oidc/endpoint
You can obtain this value from KeyCloak, in the configuration of your Identity Provider.
This value must be entered in the Console in the Valid Redirect URI Values input, in your Application Details, under Protocol Settings.
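As an added illustration (not code from this article, from Haventec or from KeyCloak), the following Python builds the whitelist value from the IAM address and realm exactly as described above, and shows why the IdP-side check on the incoming redirect_uri should be an exact match rather than a prefix match. The sample inputs are constructed for the example.

```python
from __future__ import annotations
from urllib.parse import urlsplit


def keycloak_broker_redirect_uri(iam_address: str, realm: str) -> str:
    """Build the redirect URI KeyCloak's OIDC broker expects (format from the article)."""
    return f"{iam_address.rstrip('/')}/auth/realms/{realm}/broker/oidc/endpoint"


def is_allowed_redirect(candidate: str, whitelist: set[str]) -> bool:
    """Exact-match check of a requested redirect_uri against the registered values.

    Prefix or substring matching would accept a look-alike host or an extra
    path segment; only an exact comparison of scheme, host and path is safe.
    """
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False
    # Only https, a non-empty host and no fragment (RFC 6749 forbids fragments
    # in redirection endpoint URIs).
    if parts.scheme.lower() != "https" or not parts.netloc or parts.fragment:
        return False
    # Host names are case-insensitive (RFC 3986); the path is compared as-is.
    normalised = f"https://{parts.netloc.lower()}{parts.path}"
    return normalised in whitelist


# Constructed sample: the article's own IAM address and realm.
WHITELIST = {keycloak_broker_redirect_uri("https://iam.demo.haventec.com", "acme")}


def demo() -> dict[str, bool]:
    """Run the check over a handful of constructed redirect_uri values."""
    base = "https://iam.demo.haventec.com/auth/realms/acme/broker/oidc/endpoint"
    return {
        "exact": is_allowed_redirect(base, WHITELIST),
        "host_case": is_allowed_redirect(base.replace("iam.", "IAM."), WHITELIST),
        "plain_http": is_allowed_redirect(base.replace("https://", "http://"), WHITELIST),
        "lookalike_host": is_allowed_redirect(
            base.replace("haventec.com/", "haventec.com.example.org/"), WHITELIST),
        "extra_path": is_allowed_redirect(base + "/extra", WHITELIST),
        "fragment": is_allowed_redirect(base + "#x", WHITELIST),
    }
```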