[keycloak-user] keycloak proxy server
Bill Burke
bburke at redhat.com
Tue Feb 17 22:26:51 EST 2015
All browser HTTP requests go through the proxy. Your browser is never
redirected to the actual application. The actual application should be
behind a firewall or some other mechanism. Its the same concept as
using Apache HTTPD in front of an application.
On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
> Hi,
>
> Is there any updates? The app is protected by proxy but after login is
> successful and is not redirect back to app and stay at proxy url
>
> On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <chenkeong.yap at izeno.com
> <mailto:chenkeong.yap at izeno.com>> wrote:
>
> Hi,
>
> When i access my app from http://localhost:8080/customer-portal and
> it was redirected to keycloak login page
> (https://192.168.1.10:8443/auth). After login is successful, the
> request is redirected back to http://localhost:8080/customer-portal
> instead of http://localhost:9080/customer-portal. Can someone advise
> what's wrong with the settings?
>
> keycloak proxy server hosted on localhost:8080
>
> customer-portal application hosted on localhost:9080
>
> proxy.json configuration shown below.
>
> {
> "target-url": "http://localhost:8082",
> "bind-address": "localhost",
> "http-port": "8080",
> "https-port": "8443",
> "keystore": "classpath:ssl.jks",
> "keystore-password": "password",
> "key-password": "password",
> "send-access-token": true,
> "applications": [
> {
> "base-path": "/customer-portal",
> "error-page": "/error.html",
> "adapter-config": {
> "realm": "demo",
> "resource": "customer-portal",
> "realm-public-key":
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> "auth-server-url": "https://192.168.1.10:8443/auth",
> "ssl-required" : "external",
> "enable-cors" : true,
> "principal-attribute": "KEYCLOAK_NAME",
> "credentials": {
> "secret": "password"
> }
> }
> ,
> "constraints": [
> {
> "pattern": "/users/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/call-bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/admins/*",
> "roles-allowed": [
> "admin"
> ]
> },
> {
> "pattern": "/users/permit",
> "permit": true
> },
> {
> "pattern": "/users/deny",
> "deny": true
> }
> ]
> }
> ]
>
>
> }
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list