[keycloak-user] KeyCloak behind reverse proxy - hostname incorrect
jim-keycloak at spudsoft.co.uk
Thu Jun 15 05:47:14 EDT 2017
Hi,
We are trying to use KeyCloak behind a reverse proxy.
There are lots of discussions about doing this online, but they are all
concerned about getting the protocol correct - which we are not having a
problem with.
Our problem is that the reverse proxy has a completely different name
from the KeyCloak host and this seems to be confusing KeyCloak.
Our reverse proxy ("external") is on https and our KeyCloak server
("internal") is on http.
There are two examples that we have seen of this:
1. In the UI templates the url.loginAction variable is https://internal
2. In JWTs generated by KeyCloak the iss is https://internal
This seems to be resulting in all tokens being refused by
introspection.
Our reverse proxy is adding both X-Forwarded-Proto and
X-Forwarded-Server headers (we can change these easily).
It would be acceptable for us if KeyCloak were only accessible via the
reverse proxy.
We are using KeyCloak 3.0.0.FINAL.
How can we get this working?
Thanks
Jim
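
Added example, not part of the original message: a diagnostic sketch that decodes a token's `iss` claim and reports which URL component differs from the issuer that clients reach through the proxy. The token is constructed and unsigned, and the realm name `demo` and the `/auth/realms/<realm>` path layout are assumptions; only the `internal` and `external` hostnames come from the message.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_mismatch(token, expected_issuer):
    """Return (component, got, expected) tuples for each part of iss that differs."""
    iss = jwt_claims(token).get("iss")
    if iss is None:
        return [("iss", None, expected_issuer)]
    got, want = urlsplit(iss), urlsplit(expected_issuer)
    diffs = []
    for name in ("scheme", "hostname", "port", "path"):
        g, w = getattr(got, name), getattr(want, name)
        if name == "path":  # ignore a trailing slash difference
            g, w = g.rstrip("/"), w.rstrip("/")
        if g != w:
            diffs.append((name, g, w))
    return diffs


def constructed_token(iss):
    """Build an unsigned sample token (constructed for this example)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iss": iss, "sub": "demo"}), "sig"])


# Assumed values: realm "demo"; hostnames as named in the message.
EXPECTED = "https://external/auth/realms/demo"
SAMPLE = constructed_token("https://internal/auth/realms/demo")

if __name__ == "__main__":
    for component, got, want in issuer_mismatch(SAMPLE, EXPECTED):
        print(f"iss {component}: token has {got!r}, clients expect {want!r}")
```
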