[keycloak-user] keycloak security proxy does not proxy to external application url

Dimitris Charlaftis dharlaftis at ekt.gr
Thu Jan 17 08:57:36 EST 2019


Hello,

I have built the architecture shown in the attached image.

Step 1. A client authentication request reaches the keycloak security 
proxy docker container

Step 2. Proxy asks the actual keycloak server docker container

Step 3. Keycloak Server asks an external LDAP for user credentials

Step 4. Keycloak server replies OK

Step 5. Keycloak proxy replies OK and passes control to the external 
application url.


THE PROBLEM IS that after successful authentication, the url of the host 
server (i.e. where the keycloak proxy container and keycloak 
authentication container lie) appears on the address bar of the browser 
instead of the actual external application url.

For example, if the host machine where the keycloak containers lie is 
keycloak.containers.gr, and the external application domain name is 
www.external.application.gr, then, after a SUCCESSFUL login to the 
keycloak SSO login page, the url in the address bar appears to be 
http://keycloak.containers.gr instead of 
http://www.external.application.gr. This fact destroys all the 
relative css, js scripts, etc, attached to the site 
www.external.application.gr.


  KEYCLOAK SECURITY PROXY CONFIGURATION

{
     "target-url": "http://www.external.application.gr",
     "bind-address": "0.0.0.0",
     "send-access-token": true,
     "http-port": "8180",
     "https-port": "8443",
     "applications": [{
         "base-path": "/",
         "adapter-config": {
             "realm": "internal_applications",
             "auth-server-url": "http://keycloak.containers.gr:8202/auth",
             "resource": "test_app",
             "ssl-required": "external",
             "credentials": {
                 "secret": "xxxxx-xxx-xxx-xxxx-xxxxxxxxxxx"
             }
         },
         "constraints": [{
             "pattern": "/*",
             "authenticate": true
         }],
         "proxy-address-forwarding": true
     }]
}

I use a proxy.json for the keycloak security proxy configuration


NOTE: I have tried to change the "bind-address": "0.0.0.0" parameter, 
from 0.0.0.0 to the IP of the www.external.application.gr but with no 
luck...

please... any help??

Thank you!!

Dimitris

-- 
_____________________________

Dimitris Charlaftis
Software Engineer

National Documentation Center
email: dharlaftis at ekt.gr
_____________________________

-------------- next part --------------
A non-text attachment was scrubbed...
Name: keycloak.PNG
Type: image/png
Size: 42868 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190117/f23a19db/attachment-0001.png 