keycloak-aplcache

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
index ff4601f..cf8354d 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
@@ -63,6 +63,8 @@ public class RedirectUtils {
             logger.debug("No Redirect URIs supplied");
             redirectUri = null;
         } else {
+            redirectUri = lowerCaseHostname(redirectUri);
+
             String r = redirectUri.indexOf('?') != -1 ? redirectUri.substring(0, redirectUri.indexOf('?')) : redirectUri;
             Set<String> resolveValidRedirects = resolveValidRedirects(uriInfo, rootUrl, validRedirects);
 
@@ -96,6 +98,15 @@ public class RedirectUtils {
         }
     }
 
+    private static String lowerCaseHostname(String redirectUri) {
+        int n = redirectUri.indexOf('/', 7);
+        if (n == -1) {
+            return redirectUri.toLowerCase();
+        } else {
+            return redirectUri.substring(0, n).toLowerCase() + redirectUri.substring(n);
+        }
+    }
+
     private static String relativeToAbsoluteURI(UriInfo uriInfo, String rootUrl, String relative) {
         if (rootUrl == null) {
             URI baseUri = uriInfo.getBaseUri();

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
index 527e279..d74812a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
@@ -65,8 +65,15 @@ public class OAuthRedirectUriTest {
             ClientModel installedApp3 = KeycloakModelUtils.createClient(appRealm, "test-wildcard");
             installedApp3.setEnabled(true);
             installedApp3.addRedirectUri("http://example.com/foo/*");
+            installedApp3.addRedirectUri("http://with-dash.example.com/foo/*");
             installedApp3.addRedirectUri("http://localhost:8081/foo/*");
             installedApp3.setSecret("password");
+
+            ClientModel installedApp4 = KeycloakModelUtils.createClient(appRealm, "test-dash");
+            installedApp4.setEnabled(true);
+            installedApp4.addRedirectUri("http://with-dash.example.com");
+            installedApp4.addRedirectUri("http://with-dash.example.com/foo");
+            installedApp4.setSecret("password");
         }
     });
 
@@ -217,6 +224,27 @@ public class OAuthRedirectUriTest {
     }
 
     @Test
+    public void testDash() throws IOException {
+        oauth.clientId("test-dash");
+
+        checkRedirectUri("http://with-dash.example.com/foo", true);
+    }
+
+    @Test
+    public void testDifferentCaseInHostname() throws IOException {
+        oauth.clientId("test-dash");
+
+        checkRedirectUri("http://with-dash.example.com", true);
+        checkRedirectUri("http://wiTh-dAsh.example.com", true);
+        checkRedirectUri("http://with-dash.example.com/foo", true);
+        checkRedirectUri("http://wiTh-dAsh.example.com/foo", true);
+        checkRedirectUri("http://with-dash.eXampLe.com/foo", true);
+        checkRedirectUri("http://wiTh-dAsh.eXampLe.com/foo", true);
+        checkRedirectUri("http://wiTh-dAsh.eXampLe.com/Foo", false);
+        checkRedirectUri("http://wiTh-dAsh.eXampLe.com/foO", false);
+    }
+
+    @Test
     public void testLocalhost() throws IOException {
         oauth.clientId("test-installed");