<div dir="ltr">I'm not convinced about this. A lot of complexity for what seems like little benefit. The improvement of not having to do OIDC would probably end up being outweighed by all requests going through Keycloak rather than a separate proxy.</div><div class="gmail_extra"><br><div class="gmail_quote">On 9 August 2016 at 11:06, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">FYI, I sent some questions to the undertow dev-mailing list regarding dynamic vhost configuration:<div><a href="http://lists.jboss.org/pipermail/undertow-dev/2016-August/001668.html" target="_blank">http://lists.jboss.org/<wbr>pipermail/undertow-dev/2016-<wbr>August/001668.html</a><br></div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-08-05 21:26 GMT+02:00 Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Yeah, on the Client creation page, instead of oidc or saml, you
can pick "proxied". You would specify the URL pattern of incoming
requests and the URL pattern to forward HTTP requests and bam, it
just works. Set up some virtual host table on demand with
Undertow.<br>
</p><div><div>
<br>
<div>On 8/5/16 11:36 AM, Thomas Darimont
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Sounds interesting...
<div><br>
</div>
<div>could you provide a bit more detail about what you have in
mind?</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Thomas</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-08-05 16:38 GMT+02:00 Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Bump.<br>
<br>
I'm going to keep bumping this occasionally to see if
somebody in the<br>
community wants to take this on.<br>
<div>
<div><br>
<br>
On 8/4/16 8:30 PM, Bill Burke wrote:<br>
> I think we should combine Keycloak Proxy with the
keycloak server. When<br>
> creating a client, you would have an option to
declare it as a proxied<br>
> client. This is way better than what we currently
have as we woudln't<br>
> have to do SAML or OIDC so it would be more
performant and it would<br>
> require no additional setup.<br>
><br>
> ______________________________<wbr>_________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br>
<br>
______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-dev</a><br></blockquote></div><br></div>