By: Kwadwo Obeng user 09 Mar 2021 at 10:30 a.m. CST

11 Responses
I get this notice, "http schema is allowed with localhost-127.0.0.1", when I try to set the redirect login URI to an http value in the OpenID Connect client settings.

By Kwadwo Obeng user 09 Mar 2021 at 10:45 a.m. CST

But I don't encounter any error when I use localhost as the IP.

By Mohib Zico Account Admin 09 Mar 2021 at 11:04 a.m. CST

@Mohit.Mali: can you please test. I know it was a [bug](https://github.com/GluuFederation/oxTrust/issues/2049), but should be fixed in 4.2.3.

By Mohit Mali staff 11 Mar 2021 at 6:11 a.m. CST

Hi @Kwadwo Obeng & @Mohib.Zico. As of now, only two values are accepted using http: a) http://localhost b) http://127.0.0.1. Other redirects need to have https. I think that was introduced intentionally. @Mohib.Zico, what do you think, is it a bug?

By Mohib Zico Account Admin 11 Mar 2021 at 6:15 a.m. CST

>> As per now only two values are accepted using http a) http://localhost b) http://127.0.0.1

If these values are accepted and if we can register any `https` value, then no, it's not a bug.

By Kwadwo Obeng user 11 Mar 2021 at 11:28 a.m. CST

But is there any workaround that can allow the use of http sites? If there isn't any, does it mean we can't ever authenticate http servers with Gluu OpenID Connect? I have a couple of http sites I want to use.

By Mohit Mali staff 12 Mar 2021 at 6:24 a.m. CST

Hi Kwadwo Obeng, the http schema is only allowed for local development. You can check this commit on oxTrust; it's restricted for domains other than localhost or 127.0.0.1. https://github.com/GluuFederation/oxTrust/commit/d6cc7181f15dd192a85e0f7335b453fae167cf95#diff-1d164929050ec246d9f7928bef9f40ce3fd5f80c44353953bbf8cadb82d221e2
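
The rule described in the replies above (http only for localhost or 127.0.0.1, https for everything else), written as a pre-registration check. This is an added example, not part of the thread and not oxTrust's own code; the function names, reason strings and sample URIs are assumptions, and the host is compared after parsing so that look-alike values are not mistaken for localhost.

```python
from urllib.parse import urlsplit

# Hosts for which plain http is accepted, as stated in the thread.
HTTP_ALLOWED_HOSTS = {"localhost", "127.0.0.1"}


def check_redirect_uri(uri):
    """Return (accepted, reason) for one candidate redirect URI."""
    try:
        parts = urlsplit(uri.strip())
        host = parts.hostname  # lower-cased; userinfo and port stripped
        _ = parts.port         # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"malformed URI: {exc}"
    if not host:
        return False, "missing host"
    if parts.scheme == "https":
        return True, "https"
    if parts.scheme == "http":
        if host in HTTP_ALLOWED_HOSTS:
            return True, "http on loopback name"
        return False, f"http not allowed for host {host!r}; use https"
    # Assumption of this example: any other scheme is rejected.
    return False, f"unsupported scheme {parts.scheme!r}"


def audit(uris):
    """Map each URI to its (accepted, reason) verdict."""
    return {u: check_redirect_uri(u) for u in uris}


# Constructed sample values, not taken from any real deployment.
SAMPLE = [
    "http://localhost:8080/callback",
    "http://127.0.0.1/cb",
    "https://app.example.org/cb",
    "http://app.example.org/cb",
    "http://localhost.example.org/cb",      # host is not localhost
    "http://127.0.0.1@app.example.org/cb",  # 127.0.0.1 is userinfo here
    "http://localhost:notaport/cb",
]

if __name__ == "__main__":
    for uri, (ok, reason) in audit(SAMPLE).items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {uri}  ({reason})")
```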

By Kwadwo Obeng user 12 Mar 2021 at 10:24 a.m. CST

Hello @Mohit.Mali, I know I am supposed to know this already, but from the link you sent, they made some changes to one UpdateClientAction.java file. But in my Gluu server deployment there was no such path to the specified file. I managed to find one close enough and it was UpdateClientAction.class. I used javap to view the file but the content was different from what was expected. Am I doing anything wrong?

By Mohib Zico Account Admin 16 Mar 2021 at 1:46 a.m. CDT

Hi Kwadwo, You can try to manually add your desired FQDN locally through LDAP entry. Then let's see how things go.

By Kwadwo Obeng user 16 Mar 2021 at 8:25 a.m. CDT

Okay, for my setup I am not using Gluu's local LDAP. I set up cache refresh to a remote Active Directory. And the FQDN of the Gluu server and the http site I want to secure are all on an external DNS. So I don't really get what you mean. Can you please elaborate?

By Mohib Zico Account Admin 16 Mar 2021 at 9:55 a.m. CDT

"Cache Refresh" is for syncing user data from your other AD; that's okay. But Gluu's configurations are still inside its own LDAP server or N1QL server. I pointed to this server. [Here](https://www.gluu.org/docs/gluu-server/4.2/user-management/local-user-management/#manage-data-in-gluu-ldap) is how to connect to your local LDAP server.

By Kwadwo Obeng user 16 Mar 2021 at 1:38 p.m. CDT

Okay. I get you now. I will try that as soon as possible and give feedback.