[keycloak-user] reverse proxy support of Keycloak saml filter adapter

Stian Thorgersen sthorger at redhat.com
Tue Jun 28 09:00:46 EDT 2016


The answer depends on what application server you are using, but in summary you
need to make sure the reverse proxy is configured to include the correct
headers and the application server is configured to use the headers. This is
required so HttpServletRequest.getRequestURL returns the URL used by the
user and not the internal URL used by the proxy.

On 16 June 2016 at 08:19, ROMELOT Didier <didier.romelot at renault.com> wrote:

> Hi, we deploy applications that use the Keycloak SAML filter to handle SAML
> authentication.
>
> We face some trouble when configuring the app acting behind a reverse
> proxy. In that situation the Keycloak library raises an exception:
>
> WebBrowserSsoAuthenticationHandler ERROR Request URI does not match SAML
> request destination
>
> We try to fix it with configuration on the reverse proxy but without success.
>
> Has anyone faced such a problem?
>
> regards
>
> *Didier ROMELOT*
>
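
A simplified model of the situation discussed in this thread, added here as an example; it is not part of the original messages and not Keycloak's code. It shows the URL the application sees with and without forwarding headers, and compares it with the SAML Destination. The host names, the 10.0.0.0/24 proxy network and the use of X-Forwarded-* headers are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: only this network holds reverse proxies allowed to set X-Forwarded-*.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_request_url(scheme, host, port, path, headers, peer_ip, use_forwarded):
    """Simplified model of the URL a servlet container reports for a request."""
    h = {k.lower(): v for k, v in headers.items()}
    peer = ipaddress.ip_address(peer_ip)
    from_proxy = any(peer in net for net in TRUSTED_PROXIES)
    # Forwarding headers are honoured only when enabled AND sent by a trusted proxy.
    if use_forwarded and from_proxy:
        scheme = h.get("x-forwarded-proto", scheme).lower()
        if "x-forwarded-host" in h:
            host, _, fwd_port = h["x-forwarded-host"].partition(":")
            # Port: explicit in the host value, else X-Forwarded-Port, else scheme default.
            port = int(fwd_port or h.get("x-forwarded-port")
                       or DEFAULT_PORTS.get(scheme, port))
    netloc = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


def matches_destination(request_url, destination):
    """Compare scheme, host, port and path of the two URLs (model of the check)."""
    def norm(url):
        u = urlsplit(url)
        scheme = u.scheme.lower()
        return (scheme, (u.hostname or "").lower(),
                u.port or DEFAULT_PORTS.get(scheme), u.path)
    return norm(request_url) == norm(destination)


# Constructed sample: the proxy terminates TLS and forwards to an internal listener.
DESTINATION = "https://app.example.com/app/saml"
INTERNAL = dict(scheme="http", host="app-internal.example", port=8080, path="/app/saml")
PROXY_HEADERS = {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "app.example.com"}


def check(peer_ip, use_forwarded):
    url = effective_request_url(headers=PROXY_HEADERS, peer_ip=peer_ip,
                                use_forwarded=use_forwarded, **INTERNAL)
    return url, matches_destination(url, DESTINATION)


if __name__ == "__main__":
    print(check("10.0.0.5", use_forwarded=False))    # container ignores the headers
    print(check("10.0.0.5", use_forwarded=True))     # container honours the proxy's headers
    print(check("203.0.113.9", use_forwarded=True))  # same headers from an untrusted peer
```

The first case reproduces the mismatch behind "Request URI does not match SAML request destination"; the third shows why the application server should accept forwarding headers only from the proxy's address.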