[keycloak-user] Reverse Proxy - SSL Termination - Invalid parameter: redirect uri
Derek Visch
derek.visch at gmail.com
Thu Jul 21 17:21:09 EDT 2016
Trying to setup reverse SSL for keycloak. Having issues finding
documentation about this, it's mentioned in
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html
but the extra detail that's supposed to be in
https://keycloak.gitbooks.io/server-adminstration-guide/content/ I could
not find in regards to reverse SSL proxys.
Regardless I ended up following
http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html
>From that previous mailling list post:
Follow the documentation for your web server to enable SSL and
configure reverse proxy for Keycloak. It is important that you make
sure the web server sets the X-Forwarded-For and X-Forwarded-Proto
headers on the requests made to Keycloak. Next you need to enable
proxy-address-forwarding on the Keycloak http connector. Assuming that
your reverse proxy doesn't use port 8443 for SSL you also need to
configure what port http traffic is redirected to. This is done by
editing standalone/configuration/standalone.xml.
First add proxy-address-forwarding and redirect-socket to the
http-listener element:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
...
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</subsystem>
Then add a new socket-binding element to the socket-binding-group element:
<socket-binding-group name="standard-sockets"
default-interface="public"
port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group>
but now when I go to log on to the admin console I get "We're sorry ...
Invalid aparameter: redirect uri".
Tried stack overflow / google / IRC. No luck so far.
Any help would be appreciated :D
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160721/e5746744/attachment.html
More information about the keycloak-user
mailing list