Join Log in
Score:0
Winter avatar Server

Bad nginx URI redirection

cn flag
Winter

I am trying to authenticate in a keycloak server however the redirect_uri doesnt come with the context (/admin/).

Nginx is producing a wrong URI redirect_uri: hxxps://***.pt/auth/realms/example/protocol/openid-connect/auth?response_type=code&client_id=appmovel&redirect_uri=http%3A%2F%2Fnewservice%2F&state=... Since there is no /admin/ on the URL resulting in a callback fail.

nginx config file:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      cert.pem;
    ssl_certificate_key  cert.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location /api {
        absolute_redirect off;
        proxy_pass http://web-service:8080/api;
    }

    location /admin/ {
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://web-service:8080/;
    }
}

How and where should i configure to keep/add the context (/admin) in the redirect_uri ? Can be done by an nginx rewrite rule ?

44
0 + 0
in flag
Gerald Schneider
The redirect most probably comes from your keycloak server, not from nginx. Configure the proper baseurl in your keycloak.
0
Reply
in flag
Gerald Schneider
https://www.keycloak.org/docs/latest/server_installation/index.html#default-provider
0
Reply
Winter avatar
cn flag
Winter
keycloak is working good (its an old instalation that other applications are using without a problem) the problem is on tomcat servlet that is published in ROOT and mapped by nginx in /admin so when it try to authenticate in keycloak, Nginx/tomcat sends a wrong callback address to keycloak since nginx only rewrite the host and do not add the /admin context.
0
Reply
us flag
Tero Kilkanen
The problem needs still to be fixed in the application, so that it sends proper URLs in its responses.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.