[keycloak-user] remote_user header from IIS proxy not seen by keycloak
Stian Thorgersen
sthorger at redhat.com
Tue Sep 20 03:55:22 EDT 2016
Not sure, but how are you retrieving the header? Did you try:
request.getHttpHeaders().getRequestHeaders().getFirst("REMOTE_USER")
Also is it the first authenticator in the flow?
On 15 September 2016 at 15:53, Glenn Campbell <campbellg at teds.com> wrote:
> I have a requirement to use Keycloak behind IIS where some sort of SSO
> product is already integrated with IIS. Whatever this product is sets the
> REMOTE_USER header. It is easy enough to write a custom authenticator for
> Keycloak to use the REMOTE_USER header. However, Keycloak's Wildfly server
> (or its embedded Undertow) appears to be stripping out the header.
>
> Is there any way to configure Keycloak or its Wildfly to let the
> REMOTE_USER header pass through? Or are there any clever workarounds?
>
> Thanks in advance.
> Glenn
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160920/db7f43d4/attachment.html
More information about the keycloak-user
mailing list