diff --git a/docbook/reference/en/en-US/modules/jboss-adapter.xml b/docbook/reference/en/en-US/modules/jboss-adapter.xml
index bd9d3a9..c141397 100755
--- a/docbook/reference/en/en-US/modules/jboss-adapter.xml
+++ b/docbook/reference/en/en-US/modules/jboss-adapter.xml
@@ -1,4 +1,4 @@
-<section>
+<section id="jboss-adapter">
<title>JBoss/Wildfly Adapter</title>
<para>
To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and
@@ -7,7 +7,7 @@
to crack open your WARs at all and can apply Keycloak via the Keycloak Subsystem configuration in standalone.xml.
Both methods are described in this section.
</para>
- <section>
+ <section id="jboss-adapter-installation">
<title>Adapter Installation</title>
<para>
This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak
diff --git a/docbook/reference/en/en-US/modules/server-installation.xml b/docbook/reference/en/en-US/modules/server-installation.xml
index 5904569..32476ee 100755
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@@ -107,6 +107,11 @@ keycloak-war-dist-all-1.0-rc-1-SNAPSHOT/
</programlisting>
</para>
<para>
+ After these steps you should also <link linkend='jboss-adapter-installation'>install the client adapter</link>
+ as this may contain modules the server needs (like Bouncycastle). You will also need to install the adapter
+ to run the examples on the same server.
+ </para>
+ <para>
After booting up the JBoss or Wildfly distro, you can then make sure it is installed properly
by logging into the admin console at<ulink
url="http://localhost:8080/auth/admin/index.html">
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index bb85b50..0b11d7e 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -1288,6 +1288,9 @@ public class TokenService {
valid = matchesRedirects(resolveValidRedirects, r);
}
+ if (valid && redirectUri.startsWith("/")) {
+ redirectUri = relativeToAbsoluteURI(uriInfo, redirectUri);
+ }
redirectUri = valid ? redirectUri : null;
}
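Review bot: The relative `redirectUri` is rewritten to an absolute URL only after the `valid` check, and its host comes from `uriInfo.getBaseUri()`, which the comment in the next hunk describes as the request's scheme, host, and port. If the deployment does not pin or validate the Host header (or forwarded headers) in front of this service, the final redirect target follows whatever host the request carried. It is worth recording that assumption next to the new branch, e.g. `// host is taken from the request; deployment must constrain Host/forwarded headers`. The enclosing method starts outside the hunk, so whether `redirectUri` is normalized before `matchesRedirects` cannot be seen from here.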
@@ -1302,20 +1305,26 @@ public class TokenService {
// If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
Set<String> resolveValidRedirects = new HashSet<String>();
for (String validRedirect : validRedirects) {
+ resolveValidRedirects.add(validRedirect); // add even relative urls.
if (validRedirect.startsWith("/")) {
- URI baseUri = uriInfo.getBaseUri();
- String uri = baseUri.getScheme() + "://" + baseUri.getHost();
- if (baseUri.getPort() != -1) {
- uri += ":" + baseUri.getPort();
- }
- validRedirect = uri + validRedirect;
+ validRedirect = relativeToAbsoluteURI(uriInfo, validRedirect);
logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
+ resolveValidRedirects.add(validRedirect);
}
- resolveValidRedirects.add(validRedirect);
}
return resolveValidRedirects;
}
+ public static String relativeToAbsoluteURI(UriInfo uriInfo, String relative) {
+ URI baseUri = uriInfo.getBaseUri();
+ String uri = baseUri.getScheme() + "://" + baseUri.getHost();
+ if (baseUri.getPort() != -1) {
+ uri += ":" + baseUri.getPort();
+ }
+ relative = uri + relative;
+ return relative;
+ }
+
private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) {
return true;
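Review bot: `relativeToAbsoluteURI` is `public static` but does not itself require that `relative` starts with `/`. Both callers in this diff check first, but any other caller passing a value without the leading slash would have it concatenated straight onto the host, which can change the authority of the resulting URL. Either make the helper `private` or guard it with `if (!relative.startsWith("/")) throw new IllegalArgumentException("relative URI must start with '/'");`. A short Javadoc should also state that the result is rooted at the request's scheme, host, and port and drops the base URI's path, and the method could `return uri + relative;` rather than reassigning its parameter. The `checkSsl` body at the end of the hunk continues outside it.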
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
index a9114eb..b06d1b8 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
@@ -149,7 +149,7 @@ public class RelativeUriAdapterTest {
// test logout
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
+ .queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to("http://localhost:8081/product-portal");