[keycloak-user] Keycloak server securing wildfly in docker containers

Jorge Morales Pou jorgemoralespou at gmail.com
Wed Jan 21 06:47:32 EST 2015


Hi,
So far, for the sake of the demo, I have configured all the involved
containers to have net: "host" so they share the same ip, and configured
also a port offset for the keycloak server. This way, localhost maps to both
containers (apiman and keycloak).
This is not a solution, but at least a workaround for now, and I think a
solution should come from Keycloak.

Also, I noticed that if I have the keycloak server running on a docker
container on port 8080 and I have it mapped externally to port 8081 then
the same problem arises.

This could be tested with the official keycloak docker images available at
http://jboss.org/docker with the following command (*if they worked*):

 docker run -it --rm -p 8081:8080 -p 9090:9090 jboss/keycloak-examples

2015-01-21 12:23 GMT+01:00 Stian Thorgersen <stian at redhat.com>:

>
>
> ----- Original Message -----
> > From: "Jorge Morales Pou" <jorgemoralespou at gmail.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Wednesday, 21 January, 2015 10:43:52 AM
> > Subject: [keycloak-user] Keycloak server securing wildfly in docker containers
> >
> > Hi,
> > I have a scenario for Keycloak that I'm not able to solve in an easy way, so
> > any help will be more than appreciated.
> >
> > In apiman ( http://www.apiman.io ) we are using Keycloak for securing the
> > apiman rest endpoints. We are in the process of creating some demos with
> > docker and for that one of the demos is having keycloak as a separate server
> > to which the wildfly instances holding the apiman rest endpoint will
> > redirect for authentication.
> > So far, I've configured in these wildfly instances the auth-server-url to be
> > the keycloakserver. Internal communication to this server is resolved by
> > name, as it is docker links providing the accessibility, but this is an
> > "internal ip to docker"
> > The problem comes when I try to log into the secured resource, and I get a
> > redirection to this "internal" ip, which my browser can not access, so I get
> > an error.
> >
> > Is there a way to:
> >
> > a) Use a different URL for browser redirection as for internal redirection?
> > b) Use a different redirection strategy?
> > c) do it in any other way?
>
> I'm currently looking into a solution to this, exactly how it'll work I
> haven't figured out yet. Should have something more concrete in a few
> weeks. Is this urgent for you or can it wait?
>
> If you have any suggestions please let me know.
>
> >
> > Thanks for any help you can provide on this.