Good morning everybody!
I am using self-managed CAMUNDA 8 to build a POC.
I integrated keycloak (version 21.1.2) with Azure AD, so far so good, until the moment I try to log in using the credentials of a user registered in Azure AD and receive a redirect error that says:
AADSTS50011: The redirect URI ‘http://IPXXXX:18080/auth/realms/camunda-platform/broker/azuread/endpoint’ specified in the request does not match the redirect URIs configured for the application ‘XXXX’. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to Error AADSTS50011 the redirect URI does not match the redirect URIs configured for the application - Azure | Microsoft Learn to learn more about how to fix this.
The redirect configured in Azure AD is as follows:
https://172.10.1.80:8443/auth/realms/camunda-platform/broker/azuread/endpoint
Supporting images attached
Has anyone experienced a situation like this or understand where I should change the redirect so that it is compatible with the redirect configured in Azure AD?
Your first screenshot says https://172.20.1.80:8443
Your second screenshot says https://172.20.1.80:18080
The complete URL (including TCP Ports) have to match. Try configuring the allowed Redirect URL in Azure to the https://172.20.1.80:18080 address.
The second image shows http://172.20.1.80:18080… and not https://172.20.1.80:18080… And yes
And I have already identified that they are different, the question is where to change them so that they are the same, as I cannot simply change Azure AD to http://172.20.1.80:18080… as it only accepts url with SSL enabled.
I’m assuming that you have set up Azure as an Identity Provider in Keycloak.
One of the fields to be filled in when you set up the Identity Provider is the “Redirect URL”
You can put the https://172.20.1.80:18080 address in there, however you need to make 100% sure that your Keycloak instance is actually listening for https on that address.
Unable to change identity provider redirect in Keycloak
Unfortunately, your image isn’t clear as to where it is from.
Both the Azure AD side and the Keycloak side have a “Redirect URL”
The Keycloak side is what gets passed to Azure AD.
The Azure AD side is what is allowed to be passed from Keycloak.
Everything is resolved if we understand where to change the keycloak base url to https:xxxx:8443
