Details
-
Bug
-
Resolution: Obsolete
-
Minor
-
None
-
SaaS
Description
When a new Red Hat Single Sign-On integration is configured, the Callback URL is generated, with the following format: https://DOMAIN-admin.3scale.net/auth/keycloak_abc123/callback
The documentation here doesn't explain what to do with this URL, in fact it just points to the SSO for Developer Portal documentation, but that info is not applicable here (this is captured in this issue: https://issues.jboss.org/browse/THREESCALE-227)
My assumption that this is the URL that needs to be added as Valid Redirect URIs on the RH SSO client. However the following happens:
- When clicking on the "Test authentication flow", I get the following error in RH SSO login page:
WE'RE SORRY ... Invalid parameter: redirect_uri
- If the integration is already published, the real login flow works as expected with Callback URL set as the only Valid Redirect URIs.
If the admin portal domain with wildcard path is used in Valid Redirect URIs (e.g. https://DOMAIN-admin.3scale.net/*), both the test flow and the real login work as expected.
Not sure if there's some bug in the integration, or it's just the lack of documentation (that should say that wildcard should be used, and NOT the Callback URL).
UPDATE:
A closer look to the redirect URL shows that on the Test flow it has the following format: https://DOMAIN-admin.3scale.net/p/admin/account/callback/keycloak_abc123
So, if it's added to the list of Valid Redirect URIs, everything works fine.
So, either we need to show both Callback URLs in the UI (so specific URLs can be configured as valid), or we need to make it explicit in the documentation that wildcard has to be used in Valid Redirect URIs (then I am not sure why we need to show the Callback URL in the UI).