[keycloak-user] HTTP status 400 from Tomcat after successful login

Luis Rodríguez Fernández uo67113 at gmail.com
Mon Dec 10 03:40:54 EST 2018


Hello Timo,

Perhaps enabling Tomcat access logging [1] can help you debug this issue.
You can compare the request with mod_proxy with the one without.

Out of curiosity: why do you need to set ProxyPassReverseCookiePath / /app/?

Hope it helps,

Luis

[1] https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Logging

On Sun, 9 Dec 2018 at 10:22, Timo Kockert (<timo.kockert at codecentric.de>)
wrote:

> Hello everyone,
>
> I have configured a web application that is running in Tomcat to
> authenticate users with Keycloak. Everything is running fine if I
> deploy the app to my local Tomcat, even when using the remote Keycloak
> instance.
>
> However, when I deploy the app to another Tomcat running behind an
> Apache HTTP Server, the following happens:
>
> * When I navigate to https://my-domain.tld/app I get redirected to the
> Keycloak login
> * After I log in successfully, Keycloak redirects me to
> <IP>:<PORT>/app of the Tomcat
> * The Tomcat answers with HTTP status 400
>
> My keycloak.json looks like this:
>
> {
>   "realm": "cdb_test",
>   "auth-server-url": "https://keycloak-server.tld/auth",
>   "ssl-required": "external",
>   "resource": "cdb_test",
>   "public-client": true
> }
>
> The VHost is configured like this:
>
> ProxyPass /app http://<IP>:<PORT>/app/
> ProxyPassReverse /app http://<IP>:<PORT>/app/
> ProxyPassReverseCookiePath / /app/
>
> I turned on debug logging for the Keycloak Tomcat adapter, see attachment.
>
> Any advice?
>
> Thanks in advance
> Timo



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
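
One way to carry out the comparison suggested in the reply above, as an added example that is not part of the original thread: it assumes Tomcat's AccessLogValve is set to the pattern `%h "%r" %s "%{Host}i" "%{X-Forwarded-Host}i"`. The log lines, function names and the redaction of OIDC callback parameters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed AccessLogValve pattern (an assumption, not from the thread):
#   %h "%r" %s "%{Host}i" "%{X-Forwarded-Host}i"
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) "(?P<host>[^"]*)" "(?P<xfh>[^"]*)"$'
)
# OIDC callback parameters whose values should not be copied into notes or tickets.
SENSITIVE = {"code", "state", "session_state"}

def redact(uri):
    """Replace the values of sensitive query parameters with a marker."""
    parts = urlsplit(uri)
    if not parts.query:
        return uri
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()

def parse(line):
    """Split one access log line into named fields, with the URI redacted."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable access log line: {line!r}")
    fields = m.groupdict()
    fields["uri"] = redact(fields["uri"])
    return fields

def diff_requests(direct, proxied, ignore=("client",)):
    """Return {field: (direct_value, proxied_value)} for fields that differ."""
    a, b = parse(direct), parse(proxied)
    return {k: (a[k], b[k]) for k in a if k not in ignore and a[k] != b[k]}

# Constructed sample lines (not taken from the thread's attachment).
DIRECT = '127.0.0.1 "GET /app/?state=abc&code=xyz HTTP/1.1" 302 "localhost:8080" "-"'
PROXIED = ('192.0.2.1 "GET /app/?state=def&code=uvw HTTP/1.1" 302 '
           '"192.0.2.10:8080" "my-domain.tld"')

if __name__ == "__main__":
    for field, (d, p) in diff_requests(DIRECT, PROXIED).items():
        print(f"{field}: direct={d!r} proxied={p!r}")
```

With these sample lines the only differing fields are the Host header Tomcat received and the X-Forwarded-Host header added by mod_proxy.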

