UCS + Keycloak + OIDC = invalid parameter: request_uri

When using Keycloak installed through UCS and using it for OIDC authentication with other applications I’m getting: ‘invalid parameter: redirect_uri’.

My setup is as follows:

UCS as Active Directory Domain Controller with Keycloak for SAML and OIDC, available at:

  • dc1.mydomain.grp (Domain Controller root)
  • ucs-sso-ng.mydomain.grp (Single Sign On).

Third party app (e.g. paperless-ngx/homarr) configured to use UCS Keycloak for SSO using OIDC, apps available at:

  • home.mydomain.grp
  • docs.mydomain.grp

Windows 11 joined to domain successfully. Logging in to domain controller using SAML works as expected. Root certificate is imported and recognised. All domains are available from a browser.

From other sources on the internet, the ‘invalid_parameter: redirect_uri’ seems to relate to the ‘Valid redirect URIs’ in the Client settings in Keycloak. Changing this to either , . or even https://home.mydomain.grp/* does not work and results in the same message.

It feels like Keycloak or the realm might be tied to the domains in use by the Domain Controller.

If anyone has some pointers on where to look or what configuration to change that would be greatly appreciated.
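
A diagnostic sketch for the redirect URI check discussed above, added here as an example and not part of the original post: it pulls `client_id` and `redirect_uri` out of the authorization request the application actually sends (copied from the browser address bar or Keycloak's log) and compares the URI with the client's 'Valid redirect URIs'. The matching is a simplified model (exact match, or prefix match when the pattern ends in `*`); the realm name, client id and callback path are constructed sample values.

```python
from urllib.parse import urlsplit, parse_qs, urlencode


def redirect_uri_allowed(redirect_uri, valid_patterns):
    """Simplified model of the check: exact match, or prefix match
    when the configured pattern ends with a '*' wildcard."""
    for pattern in valid_patterns:
        if pattern.endswith("*"):
            if redirect_uri.startswith(pattern[:-1]):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def check_auth_request(auth_url, valid_patterns):
    """Report which client and redirect_uri an authorization request
    carries, and whether that URI matches the configured patterns."""
    query = parse_qs(urlsplit(auth_url).query)  # also percent-decodes values
    redirect_uri = query.get("redirect_uri", [""])[0]
    return {
        "client_id": query.get("client_id", [""])[0],
        "redirect_uri": redirect_uri,
        "allowed": redirect_uri_allowed(redirect_uri, valid_patterns),
    }


def sample_request(redirect_uri):
    """Build a constructed authorization request URL for the demo."""
    params = {
        "client_id": "example-client",   # constructed client id
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid",
    }
    # Realm name 'example' is a placeholder, not taken from the post.
    base = "https://ucs-sso-ng.mydomain.grp/realms/example/protocol/openid-connect/auth"
    return base + "?" + urlencode(params)


if __name__ == "__main__":
    configured = ["https://home.mydomain.grp/*"]
    for uri in ("https://home.mydomain.grp/callback",
                "http://home.mydomain.grp/callback",      # scheme differs
                "https://home.mydomain.grp:443/callback"):  # explicit port
        print(check_auth_request(sample_request(uri), configured))
```

Comparing the decoded `redirect_uri` character by character with the configured pattern shows differences in scheme, host, port or path that are easy to miss in the percent-encoded URL.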