<p dir="ltr">Hi,</p>
<p dir="ltr">Yes. I think keycloak proxy is quite similar to apache web proxy. Now the only difference is apache web proxy can reverse proxy for app hosted on different ip and port whereas keycloak proxy server seem like forcing the app to run on same ip and port. I have tried to change the base-path and target-url to use different ip and port but it does not work. Kindly share the opinions.</p>
<div class="gmail_quote">On Feb 18, 2015 11:27 AM, "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">All browser HTTP requests go through the proxy. Your browser is never<br>
redirected to the actual application. The actual application should be<br>
behind a firewall or some other mechanism. Its the same concept as<br>
using Apache HTTPD in front of an application.<br>
<br>
On 2/17/2015 4:34 PM, Chen Keong Yap wrote:<br>
> Hi,<br>
><br>
> Is there any updates? The app is protected by proxy but after login is<br>
> successful and is not redirect back to app and stay at proxy url<br>
><br>
> On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <<a href="mailto:chenkeong.yap@izeno.com">chenkeong.yap@izeno.com</a><br>
> <mailto:<a href="mailto:chenkeong.yap@izeno.com">chenkeong.yap@izeno.com</a>>> wrote:<br>
><br>
> Hi,<br>
><br>
> When i access my app from <a href="http://localhost:8080/customer-portal" target="_blank">http://localhost:8080/customer-portal</a> and<br>
> it was redirected to keycloak login page<br>
> (<a href="https://192.168.1.10:8443/auth" target="_blank">https://192.168.1.10:8443/auth</a>). After login is successful, the<br>
> request is redirected back to <a href="http://localhost:8080/customer-portal" target="_blank">http://localhost:8080/customer-portal</a><br>
> instead of <a href="http://localhost:9080/customer-portal" target="_blank">http://localhost:9080/customer-portal</a>. Can someone advise<br>
> what's wrong with the settings?<br>
><br>
> keycloak proxy server hosted on localhost:8080<br>
><br>
> customer-portal application hosted on localhost:9080<br>
><br>
> proxy.json configuration shown below.<br>
><br>
> {<br>
> "target-url": "<a href="http://localhost:8082" target="_blank">http://localhost:8082</a>",<br>
> "bind-address": "localhost",<br>
> "http-port": "8080",<br>
> "https-port": "8443",<br>
> "keystore": "classpath:ssl.jks",<br>
> "keystore-password": "password",<br>
> "key-password": "password",<br>
> "send-access-token": true,<br>
> "applications": [<br>
> {<br>
> "base-path": "/customer-portal",<br>
> "error-page": "/error.html",<br>
> "adapter-config": {<br>
> "realm": "demo",<br>
> "resource": "customer-portal",<br>
> "realm-public-key":<br>
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",<br>
> "auth-server-url": "<a href="https://192.168.1.10:8443/auth" target="_blank">https://192.168.1.10:8443/auth</a>",<br>
> "ssl-required" : "external",<br>
> "enable-cors" : true,<br>
> "principal-attribute": "KEYCLOAK_NAME",<br>
> "credentials": {<br>
> "secret": "password"<br>
> }<br>
> }<br>
> ,<br>
> "constraints": [<br>
> {<br>
> "pattern": "/users/*",<br>
> "roles-allowed": [<br>
> "user"<br>
> ]<br>
> },<br>
> {<br>
> "pattern": "/*",<br>
> "roles-allowed": [<br>
> "user"<br>
> ]<br>
> },<br>
> {<br>
> "pattern": "/call-bearer/*",<br>
> "roles-allowed": [<br>
> "user"<br>
> ]<br>
> },<br>
> {<br>
> "pattern": "/bearer/*",<br>
> "roles-allowed": [<br>
> "user"<br>
> ]<br>
> },<br>
> {<br>
> "pattern": "/admins/*",<br>
> "roles-allowed": [<br>
> "admin"<br>
> ]<br>
> },<br>
> {<br>
> "pattern": "/users/permit",<br>
> "permit": true<br>
> },<br>
> {<br>
> "pattern": "/users/deny",<br>
> "deny": true<br>
> }<br>
> ]<br>
> }<br>
> ]<br>
><br>
><br>
> }<br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div>