[keycloak-user] keycloak proxy server
Bill Burke
bburke at redhat.com
Wed Feb 18 08:19:29 EST 2015
This is what is happening:
* Keycloak server is deployed at https://192.168.1.10:8443/auth
* Keycloak proxy is deployed at localhost:8080
* Customer portal is deployed at localhost:8082
1. Browser visits proxy
2. proxy sees browser is logged in, redirects to keycloak
3. Keycloak logs browser in, redirects back to proxy
4. proxy makes an out-of-band request to customer portal
5. proxy copies response from customer portal and returns it to browser
Which step is not happening?
On 2/18/2015 2:32 AM, Chen Keong Yap wrote:
> Hi,
>
> Yes. I think the Keycloak proxy is quite similar to the Apache web proxy.
> The only difference is that the Apache web proxy can reverse proxy for an
> app hosted on a different IP and port, whereas the Keycloak proxy server
> seems to force the app to run on the same IP and port. I have tried
> changing the base-path and target-url to use a different IP and port, but
> it does not work. Kindly share your opinions.
>
> On Feb 18, 2015 11:27 AM, "Bill Burke" <bburke at redhat.com> wrote:
>
> All browser HTTP requests go through the proxy. Your browser is never
> redirected to the actual application. The actual application should be
> behind a firewall or some other mechanism. It's the same concept as
> using Apache HTTPD in front of an application.
>
> On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
> > Hi,
> >
> > Are there any updates? The app is protected by the proxy, but after
> > login is successful it is not redirected back to the app and stays at
> > the proxy URL.
> >
> > On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <chenkeong.yap at izeno.com> wrote:
> >
> > Hi,
> >
> > When I access my app from http://localhost:8080/customer-portal, it is
> > redirected to the Keycloak login page
> > (https://192.168.1.10:8443/auth). After login is successful, the
> > request is redirected back to http://localhost:8080/customer-portal
> > instead of http://localhost:9080/customer-portal. Can someone advise
> > what's wrong with the settings?
> >
> > keycloak proxy server hosted on localhost:8080
> >
> > customer-portal application hosted on localhost:9080
> >
> > proxy.json configuration shown below.
> >
> > {
> >     "target-url": "http://localhost:8082",
> >     "bind-address": "localhost",
> >     "http-port": "8080",
> >     "https-port": "8443",
> >     "keystore": "classpath:ssl.jks",
> >     "keystore-password": "password",
> >     "key-password": "password",
> >     "send-access-token": true,
> >     "applications": [
> >         {
> >             "base-path": "/customer-portal",
> >             "error-page": "/error.html",
> >             "adapter-config": {
> >                 "realm": "demo",
> >                 "resource": "customer-portal",
> >                 "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> >                 "auth-server-url": "https://192.168.1.10:8443/auth",
> >                 "ssl-required": "external",
> >                 "enable-cors": true,
> >                 "principal-attribute": "KEYCLOAK_NAME",
> >                 "credentials": {
> >                     "secret": "password"
> >                 }
> >             },
> >             "constraints": [
> >                 {
> >                     "pattern": "/users/*",
> >                     "roles-allowed": [
> >                         "user"
> >                     ]
> >                 },
> >                 {
> >                     "pattern": "/*",
> >                     "roles-allowed": [
> >                         "user"
> >                     ]
> >                 },
> >                 {
> >                     "pattern": "/call-bearer/*",
> >                     "roles-allowed": [
> >                         "user"
> >                     ]
> >                 },
> >                 {
> >                     "pattern": "/bearer/*",
> >                     "roles-allowed": [
> >                         "user"
> >                     ]
> >                 },
> >                 {
> >                     "pattern": "/admins/*",
> >                     "roles-allowed": [
> >                         "admin"
> >                     ]
> >                 },
> >                 {
> >                     "pattern": "/users/permit",
> >                     "permit": true
> >                 },
> >                 {
> >                     "pattern": "/users/deny",
> >                     "deny": true
> >                 }
> >             ]
> >         }
> >     ]
> > }
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
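
The request flow listed at the top of this message, as an added example that is not part of the original thread and is not Keycloak's proxy code. It shows that the browser only ever talks to the proxy address and that the only redirect it receives points at Keycloak, never at the application. The SESSION cookie, the class and function names, and the loopback stand-in for the customer portal are assumptions; the Keycloak login is reduced to a cookie check.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_URL = "https://192.168.1.10:8443/auth"  # auth-server-url from the thread

class Base(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass
    def reply(self, status, body=b"", **headers):
        self.send_response(status)
        for name, value in {"Content-Length": str(len(body)), **headers}.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

class App(Base):  # stands in for the customer portal behind the proxy
    def do_GET(self):
        self.reply(200, b"portal served " + self.path.encode())

class Proxy(Base):
    target = None  # (host, port) of the app: the role "target-url" plays
    def do_GET(self):
        if "SESSION=ok" not in self.headers.get("Cookie", ""):  # hypothetical check
            return self.reply(302, Location=AUTH_URL)  # send browser to Keycloak
        upstream = http.client.HTTPConnection(*self.target, timeout=5)
        upstream.request("GET", self.path)             # step 4: out-of-band request
        resp = upstream.getresponse()
        self.reply(resp.status, resp.read())           # step 5: copy response back
        upstream.close()

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)        # port 0 picks a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()  # dies with process
    return srv

def fetch(port, **headers):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/customer-portal", headers=headers)
    resp = conn.getresponse()
    return resp.status, resp.getheader("Location"), resp.read()

def demo():
    app, proxy = serve(App), serve(Proxy)
    Proxy.target = app.server_address
    port = proxy.server_address[1]
    return fetch(port), fetch(port, Cookie="SESSION=ok")

if __name__ == "__main__":
    print(demo())
```

Both calls in demo() go to the proxy port; the application's own port never appears in anything the client receives.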