[keycloak-user] [FGTSPAM] Keycloak behind reverse proxy

GARDAIS Ionel ionel.gardais at tech-advantage.com
Wed Dec 12 14:18:09 EST 2018


Hi Nikola,

May I suggest you have a look at haproxy as a reverse proxy?
It could handle cert passthrough for you.
http://www.loadbalancer.org/blog/client-certificate-authentication-with-haproxy/

-- 
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager

----- Original Message -----
From: "Nikola Malenic" <nikola.malenic at netsetglobal.rs>
To: "keycloak-user" <keycloak-user at lists.jboss.org>
Sent: Wednesday 12 December 2018 18:08:15
Subject: [FGTSPAM] [keycloak-user] Keycloak behind reverse proxy

I configured mutual-SSL authentication on Keycloak. That means that a user
coming to Keycloak does an SSL handshake, allowing Keycloak to extract data from
the client certificate and map that data to an existing user at Keycloak, and
based on that authenticate the user.

Now, I need to configure a reverse proxy in front of Keycloak. I'm using
Apache's httpd.

The problem is that the user's browser now does the SSL handshake with the reverse
proxy server instead of Keycloak, and the proxy sends a plain HTTP request, preventing
Keycloak from mapping and authenticating the user.

Is there a proposed method to achieve this?

Can I configure some reverse proxy (maybe not httpd) to proxy requests on
the transport layer?

Or should I somehow configure Keycloak for this?

Maybe configure the proxy to be KC's client and do the authentication
somehow?


Many thanks,

Nikola

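The two ways haproxy can sit in front of a backend that authenticates by client certificate, as an added example that is not part of the original thread and not configuration from either poster. All addresses, ports, file paths and the `X-Client-Cert` header name are assumptions; in variant B the backend must be configured separately to read the certificate from that header.

```haproxy
# Added example; addresses, ports, paths and the header name are placeholders.
global
    log stdout format raw local0

defaults
    log     global
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Variant A: TLS passthrough (layer 4). haproxy never decrypts, so the
# browser's handshake, client certificate included, is done by the backend.
frontend kc_passthrough
    mode tcp
    bind 192.0.2.10:443
    option tcplog
    # Wait for the first bytes; forward only connections that open with a
    # TLS ClientHello and reject everything else.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content reject
    default_backend kc_tls

backend kc_tls
    mode tcp
    server kc1 10.0.0.10:8443 check

# Variant B: haproxy terminates TLS, verifies the client certificate against
# the client CA, then hands it to the backend in a request header.
frontend kc_terminate
    mode http
    bind 192.0.2.11:443 ssl crt /etc/haproxy/server.pem ca-file /etc/haproxy/client-ca.pem verify optional
    # Drop any copy of the header sent by the client before setting our own;
    # without this the backend would trust a certificate the client never
    # proved possession of.
    http-request del-header X-Client-Cert
    http-request set-header X-Client-Cert %[ssl_c_der,base64] if { ssl_c_used } { ssl_c_verify 0 }
    default_backend kc_http

backend kc_http
    mode http
    server kc1 10.0.0.10:8080 check
```

Use one variant or the other. With variant A the backend sees the proxy's address as the connection source; with variant B the backend port must be reachable only from the proxy, since the header is the sole proof of the client's identity.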
