KEYCLOAK-14019 Improvements for request_uri configuration

(cherry picked from commit c6f2e456f531c4dbe4cae7fc4c209744223a462b)
This commit is contained in:
mposolda 2021-01-07 17:44:42 +01:00 committed by Stian Thorgersen
parent 9a21c9cb05
commit 9f4b766a9f

View file

@ -1,5 +1,15 @@
== Migration Changes
=== Migrating to 12.0.2
==== Valid Request URIs
If you use the OpenID Connect parameter `request_uri`, a requirement exists that your client needs to have `Valid Request URIs` configured.
This can be configured through the admin console on the client details page or through the admin REST API or client registration API. Valid Request URIs need
to contain the list of Request URI values, which are permitted for the particular client. This is to avoid SSRF attacks. There is possibility to use wildcards
or relative paths similarly such as the `Valid Redirect URIs` option, however for security purposes, we typically recommend to use as specific value
as possible.
=== Migrating to 12.0.0
==== Upgrade to Wildfly 21