How to configure specific redirect URLs in Keycloak for the VMware Telco Cloud Service Assurance UI?
1.x
To defend against security attacks that abuse overly general redirect URIs, configure Keycloak to use specific redirect logout URLs. The admin user can update these in the Keycloak console, setting them to the specific URL of the Control Plane Node or its DNS name.
Steps to follow:
1) Log in to the Keycloak admin console as admin at the following URI:
https://<VMwareTelcoCloudOperations_UI>/auth
2) Select the NGINX realm in the drop-down on the left side.
3) Under the Clients section, repeat the following steps for the "nginx" and "operational-ui" clients.
4) On the Settings tab, set the "Valid Redirect URIs" field to the required IP / DNS name.
For authorization code flows, when the registered redirect URIs are too general, a rogue client could impersonate a different client that has a broader scope of access. This could happen, for instance, if two clients live under the same domain. It is therefore recommended to make the registered redirect URIs as specific as feasible.
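
To check the result of the steps above, the following added example (not part of the original article or of VMware's tooling) audits a realm export and flags redirect URIs for the "nginx" and "operational-ui" clients that are broader than one HTTPS host. The export content, the host `tcsa.example.com` and the callback path are constructed placeholders; `clientId` and `redirectUris` are the field names Keycloak uses in its client representation.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed realm export. Host and paths are placeholders.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "NGINX",
  "clients": [
    {"clientId": "nginx", "redirectUris": ["*"]},
    {"clientId": "operational-ui",
     "redirectUris": ["https://tcsa.example.com/*",
                      "https://tcsa.example.com/ui/callback"]},
    {"clientId": "account", "redirectUris": ["/realms/NGINX/account/*"]}
  ]
}
""")

CLIENTS = ("nginx", "operational-ui")  # the two clients named in the steps


def check_uri(uri, allowed_host):
    """Return the reasons a registered redirect URI is broader than needed."""
    reasons = []
    parts = urlsplit(uri)
    if "*" in uri:
        reasons.append("wildcard")
    if not parts.scheme or not parts.netloc:
        reasons.append("no explicit scheme and host")
    elif parts.scheme != "https":
        reasons.append("not https")
    if parts.hostname and parts.hostname != allowed_host:
        reasons.append("unexpected host")
    return reasons


def audit(export, allowed_host, clients=CLIENTS):
    """Map (clientId, uri) -> reasons for every non-specific redirect URI."""
    findings = {}
    for client in export.get("clients", []):
        if client.get("clientId") not in clients:
            continue
        for uri in client.get("redirectUris", []):
            reasons = check_uri(uri, allowed_host)
            if reasons:
                findings[(client["clientId"], uri)] = reasons
    return findings


if __name__ == "__main__":
    for (cid, uri), why in audit(SAMPLE_EXPORT, "tcsa.example.com").items():
        print(f"{cid}: {uri!r} -> {', '.join(why)}")
```

An empty result from `audit` means every registered redirect URI for the two clients names the expected host over HTTPS with no wildcard.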