Mr-EmPee commented on issue #12970:
URL: https://github.com/apache/apisix/issues/12970#issuecomment-3872387107

   Hi @Baoyuantop you need to configure the openid plugin how you normally 
would. 
   
   This is my buggy config, keep in mind that keycloak is behind apisix, 
everything is running in the same docker-compose.
   config.yaml
   ```
   apisix:
     ssl:
       fallback_sni: "localhost"
   
   deployment:
     role: data_plane
     role_data_plane:
       config_provider: yaml
   
   #END
   ```
   
   apisix.yaml
   ```
     - uri: /auth/*
       upstream:
         nodes:
           "keycloak:8080": 1
         type: roundrobin
       plugins:
         proxy-rewrite:
           headers:
             Forwarded: 'for="$remote_addr";host="$http_host";proto="$scheme"'
     - uri: /api/*
       upstream:
         nodes:
           "be-orchestrator:8080": 1
         type: roundrobin
       plugin_config_id: oidc-default
   plugin_configs:
     - id: oidc-default
       plugins:
         openid-connect:
           bearer_only: false
           session:
             secret: <my_secret>
           client_id: apisix
           client_secret: <my_client_secret>
           discovery: http://keycloak:8080/auth/realms/warehouse-automation/.well-known/openid-configuration
           scope: "openid profile"
   ```
   
   docker-compose.yml
   ```
     apisix:
       image: apache/apisix:3.14.1-debian
       volumes:
         - "./apisix/configs/apisix.yaml:/usr/local/apisix/conf/apisix.yaml:ro"
         - "./apisix/configs/config.yaml:/usr/local/apisix/conf/config.yaml:ro"
       ports:
         - "8888:9080"
       depends_on:
         keycloak:
           condition: service_healthy
   ```
   
   After having a working configuration you can try to curl apisix on a 
protected route (mine is on http://localhost:8888).
   You will see that it replies with a redirect, the redirect location has the 
redirect_uri parameter value with the wrong port...
   
   To fix it I had to downgrade.
   
   P.S. I also found another bug where, if you use port 80 (instead of 8888), a 
500 internal server error occurs. To fix it you need to change the apisix server 
port to 80 as well (instead of the default 9080).
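
A check for the symptom described in the comment above, as an added example that is not part of the original comment or of APISIX: it compares the origin the client requested with the origin inside the `redirect_uri` parameter of the redirect's `Location` header, treating an omitted port as the scheme default. The sample headers, the `/api/callback` path and the port 9080 in the bad sample are constructed; the comment does not say which wrong port appears.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def check_redirect_uri(request_url, location):
    """Compare the requested origin with the origin inside redirect_uri.

    request_url: URL the client requested on the gateway.
    location:    value of the Location header in the redirect response.
    Returns (ok, detail).
    """
    values = parse_qs(urlsplit(location).query).get("redirect_uri")
    if not values:
        return False, "no redirect_uri parameter in Location"
    if len(values) > 1:
        return False, "redirect_uri appears more than once"
    want, got = origin(request_url), origin(values[0])
    if want == got:
        return True, "redirect_uri origin matches the requested origin"
    names = ("scheme", "host", "port")
    diff = [f"{n}: expected {w}, got {g}"
            for n, w, g in zip(names, want, got) if w != g]
    return False, "; ".join(diff)


# Constructed sample input, not captured from a real deployment.
REQUEST_URL = "http://localhost:8888/api/items"
BAD_LOCATION = (
    "http://localhost:8888/auth/realms/warehouse-automation"
    "/protocol/openid-connect/auth"
    "?response_type=code&client_id=apisix&scope=openid%20profile"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A9080%2Fapi%2Fcallback"
    "&state=x&nonce=y"
)
GOOD_LOCATION = BAD_LOCATION.replace("%3A9080", "%3A8888")

if __name__ == "__main__":
    for name, loc in (("bad", BAD_LOCATION), ("good", GOOD_LOCATION)):
        print(name, check_redirect_uri(REQUEST_URL, loc))
```
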

