diff --git a/packages/auth/README.md b/packages/auth/README.md
index 8d95b6e7b8a68f2f879009c343d50d3fd008a3f9..5367c0d4e7fe46ec1f07346237c84b4876918e7f 100644
--- a/packages/auth/README.md
+++ b/packages/auth/README.md
@@ -28,7 +28,7 @@
- `url`: The base URL of the Keycloak server
- `realm`: The Keycloak realm
- `clientId`: The Keycloak client to use
-- `silentCheckSsoRedirectUri`: URI to a separate page for checking the login session in an iframe, see https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter
+- `silentCheckSsoRedirectUri`: URI or path to a separate page for checking the login session in an iframe, see https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter
- `scope`: Space separated list of scopes to request. These scopes get added in addition to the default ones, assuming the scope is in the optional scopes list of the Keycloak client in use.
## Events to listen to
diff --git a/packages/auth/src/keycloak.js b/packages/auth/src/keycloak.js
index 831f99627849c86e496553a7d9b054d0e0150c9a..b46af737d94428d3fd31ec1a443dce4566740d3f 100644
--- a/packages/auth/src/keycloak.js
+++ b/packages/auth/src/keycloak.js
@@ -17,6 +17,18 @@ const promiseTimeout = function(ms, promise) {
};
+/**
+ * Returns a URL for a relative path or URL
+ */
+const ensureURL = function(urlOrPath) {
+ try {
+ return new URL(urlOrPath).href;
+ } catch (e) {
+ return new URL(urlOrPath, window.location.href).href;
+ }
+}
+
+
/**
* Wraps the keycloak API to support async/await, adds auto token refreshing and consolidates all
* events into one native "changed" event
@@ -111,7 +123,7 @@ export class KeycloakWrapper extends EventTarget {
if (this._silentCheckSsoUri) {
options['onLoad'] = 'check-sso';
- options['silentCheckSsoRedirectUri'] = this._silentCheckSsoUri;
+ options['silentCheckSsoRedirectUri'] = ensureURL(this._silentCheckSsoUri);
// When silent-sso-check is active but the iframe doesn't load/work we will
// never return here, so add a timeout and emit a signal so the app can continue