[keycloak-user] Reverse proxy calling admin API
Stian Thorgersen
sthorger at redhat.com
Mon May 23 02:16:48 EDT 2016
Take a look at
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding.
proxy-address-forwarding=true
does set HttpServletRequest#getRequestURL(), but only if http is used. If
you're using ajp then you need to use ProxyPeerAddressHandler.
On 22 May 2016 at 10:10, Christian Bauer <christian.bauer at gmail.com> wrote:
> A workaround/solution is to set the Host header on the proxy.
>
> This is equivalent to setting ProxyPreserveHost On if you'd be using
> Apache mod_proxy. It requires some ugly hacks however customizing this
> header with my Resteasy/ApacheHttpClient proxy.
>
> > On 22.05.2016, at 00:18, Christian Bauer <christian.bauer at gmail.com>
> wrote:
> >
> > Already done. I don't think that affects
> HttpServletRequest#getRequestURL(), which is what Resteasy is using to
> populate UriInfo#getBaseUri()?
> >
> >> set the proxy-address-forwarding="true" for the http-listener.
> >>
> >>>
> >>> The proxy makes a call to Keycloak with a Bearer token and the correct
> X-Forwarded-* headers. Keycloak/Wildfly is configured with
> proxy-address-forwarding=true.
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160523/e86d28c4/attachment.html
More information about the keycloak-user
mailing list