[keycloak-user] Redirection issue with proxy behind keycloak

Scott Rossillo srossillo at smartling.com
Mon May 23 18:05:16 EDT 2016


What are you using as your proxy?

Spring Security needs to know it’s behind a proxy when generating login redirects.

If Nginx, set:

proxy_pass http://your-upstream-here;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; # <- only set this if you’re using SSL


Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com
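
Added example (not part of the original message, and not Spring Security's or Keycloak's code): a Python model of how a service behind the nginx config above can rebuild the public URL for a login redirect, honouring X-Forwarded-* only when the connection comes from the proxy. The proxy address, host names and sample requests are constructed assumptions.

```python
import ipaddress

# Assumption: the only address nginx connects from (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

# Constructed request as forwarded by nginx. The client sent its own
# X-Forwarded-For (198.51.100.9); nginx appended the real peer address.
VIA_PROXY = {
    "Host": "app.example.com",
    "X-Real-IP": "203.0.113.7",
    "X-Forwarded-For": "198.51.100.9, 203.0.113.7",
    "X-Forwarded-Proto": "https",
}
# Constructed request that reached the service directly, bypassing nginx,
# with forwarded headers supplied by the client itself.
DIRECT = {
    "Host": "svc.internal:8080",
    "X-Forwarded-For": "127.0.0.1",
    "X-Forwarded-Proto": "https",
}


def _from_trusted_proxy(peer_addr):
    addr = ipaddress.ip_address(peer_addr)
    return any(addr in net for net in TRUSTED_PROXIES)


def external_url(peer_addr, conn_scheme, headers, path):
    """URL the browser should be sent back to, e.g. for a login redirect."""
    scheme = conn_scheme
    if _from_trusted_proxy(peer_addr):
        proto = headers.get("X-Forwarded-Proto", "").strip().lower()
        if proto in ("http", "https"):  # ignore anything else
            scheme = proto
    # "proxy_set_header Host $host" makes Host the name the browser used.
    return f"{scheme}://{headers.get('Host', '')}{path}"


def client_ip(peer_addr, headers):
    """Client address for logs and rate limits."""
    if not _from_trusted_proxy(peer_addr):
        return peer_addr  # forwarded headers from unknown peers are ignored
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the last entry was written by nginx.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    hops = [h for h in hops if h]
    return hops[-1] if hops else peer_addr
```

If the service port is reachable without going through nginx, the second request shows why the headers cannot be taken at face value: restrict the listener to the proxy or keep the peer check.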

> On May 23, 2016, at 11:20 AM, Aritz Maeztu <amaeztu at tesicnor.com> wrote:
> 
> I'm using keycloak to secure some Spring based services (with the keycloak spring security adapter). The adapter creates a `/login` endpoint in each of the services which redirects to the keycloak login page and then redirects back to the service when authentication is done. I also have a proxy service which I want to publish on port 80 and which will take care of routing all the requests to each service. The proxy performs a plain FORWARD to the service, but the problem comes when I secure the service with the keycloak adapter.
> When I make a request, the adapter redirects to its login endpoint and then to the keycloak auth url. When keycloak sends the redirection, the url shown in the browser is the one from the service and not the one from the proxy. Do I have some choice to tell the adapter I want to redirect back to the first requested url?
> 
> -- 
> Aritz Maeztu Otaño
> Software Development Department
> <http://www.tesicnor.com/>
> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
> Tel.: 948 21 40 40
> Fax: 948 21 40 41
> Before printing this e-mail, consider carefully whether it is necessary: the environment is everyone's concern.