[keycloak-user] keycloak proxy server
Chen Keong Yap
chenkeong.yap at izeno.com
Wed Feb 18 02:32:41 EST 2015
Hi,
Yes. I think keycloak proxy is quite similar to apache web proxy. Now the
only difference is apache web proxy can reverse proxy for app hosted on
different ip and port whereas keycloak proxy server seem like forcing the
app to run on same ip and port. I have tried to change the base-path and
target-url to use different ip and port but it does not work. Kindly share
the opinions.
On Feb 18, 2015 11:27 AM, "Bill Burke" <bburke at redhat.com> wrote:
> All browser HTTP requests go through the proxy. Your browser is never
> redirected to the actual application. The actual application should be
> behind a firewall or some other mechanism. Its the same concept as
> using Apache HTTPD in front of an application.
>
> On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
> > Hi,
> >
> > Is there any updates? The app is protected by proxy but after login is
> > successful and is not redirect back to app and stay at proxy url
> >
> > On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <chenkeong.yap at izeno.com
> > <mailto:chenkeong.yap at izeno.com>> wrote:
> >
> > Hi,
> >
> > When i access my app from http://localhost:8080/customer-portal and
> > it was redirected to keycloak login page
> > (https://192.168.1.10:8443/auth). After login is successful, the
> > request is redirected back to http://localhost:8080/customer-portal
> > instead of http://localhost:9080/customer-portal. Can someone advise
> > what's wrong with the settings?
> >
> > keycloak proxy server hosted on localhost:8080
> >
> > customer-portal application hosted on localhost:9080
> >
> > proxy.json configuration shown below.
> >
> > {
> > "target-url": "http://localhost:8082",
> > "bind-address": "localhost",
> > "http-port": "8080",
> > "https-port": "8443",
> > "keystore": "classpath:ssl.jks",
> > "keystore-password": "password",
> > "key-password": "password",
> > "send-access-token": true,
> > "applications": [
> > {
> > "base-path": "/customer-portal",
> > "error-page": "/error.html",
> > "adapter-config": {
> > "realm": "demo",
> > "resource": "customer-portal",
> > "realm-public-key":
> >
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> > "auth-server-url": "https://192.168.1.10:8443/auth
> ",
> > "ssl-required" : "external",
> > "enable-cors" : true,
> > "principal-attribute": "KEYCLOAK_NAME",
> > "credentials": {
> > "secret": "password"
> > }
> > }
> > ,
> > "constraints": [
> > {
> > "pattern": "/users/*",
> > "roles-allowed": [
> > "user"
> > ]
> > },
> > {
> > "pattern": "/*",
> > "roles-allowed": [
> > "user"
> > ]
> > },
> > {
> > "pattern": "/call-bearer/*",
> > "roles-allowed": [
> > "user"
> > ]
> > },
> > {
> > "pattern": "/bearer/*",
> > "roles-allowed": [
> > "user"
> > ]
> > },
> > {
> > "pattern": "/admins/*",
> > "roles-allowed": [
> > "admin"
> > ]
> > },
> > {
> > "pattern": "/users/permit",
> > "permit": true
> > },
> > {
> > "pattern": "/users/deny",
> > "deny": true
> > }
> > ]
> > }
> > ]
> >
> >
> > }
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150218/5af8c063/attachment.html
More information about the keycloak-user
mailing list