
<p dir="ltr">Step 4 and 5 not happening</p>


<div class="gmail_quote">On Feb 18, 2015 9:19 PM, &quot;Bill Burke&quot; &lt;<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is what is happening:<br>


<br>


* Keycloak server is deployed at <a href="https://192.168.1.10:8443/auth" target="_blank">https://192.168.1.10:8443/auth</a><br>


* Keycloak proxy is deployed at localhost:8080<br>


* Customer portal is deployed at localhost:8082<br>


<br>


1. Browser visits proxy<br>


2. proxy sees browser is logged in, redirects to keycloak<br>


3. Keycloak logs browser in, redirects back to proxy<br>


4. proxy makes an out-of-band request to customer portal<br>


5. proxy copies response from customer portal and returns it to browser<br>


<br>


Which step is not happening?<br>


<br>


On 2/18/2015 2:32 AM, Chen Keong Yap wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


Hi,<br>


<br>


Yes. I think keycloak proxy is quite similar to apache web proxy. Now<br>


the only difference is apache web proxy can reverse proxy for app hosted<br>


on different ip and port whereas keycloak proxy server seem like forcing<br>


the app to run on same ip and port. I have tried to change the base-path<br>


and target-url to use different ip and port but it does not work. Kindly<br>


share the opinions.<br>


<br>


On Feb 18, 2015 11:27 AM, &quot;Bill Burke&quot; &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>


&lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;&gt; wrote:<br>


<br>


    All browser HTTP requests go through the proxy.  Your browser is never<br>


    redirected to the actual application.  The actual application should be<br>


    behind a firewall or some other mechanism.  Its the same concept as<br>


    using Apache HTTPD in front of an application.<br>


<br>


    On 2/17/2015 4:34 PM, Chen Keong Yap wrote:<br>


     &gt; Hi,<br>


     &gt;<br>


     &gt; Is there any updates? The app is protected by proxy but after<br>


    login is<br>


     &gt; successful and is not redirect back to app and stay at proxy url<br>


     &gt;<br>


     &gt; On Feb 17, 2015 4:54 PM, &quot;Chen Keong Yap&quot;<br>


    &lt;<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.com</a> &lt;mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>&gt;<br>


     &gt; &lt;mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a><br>


    &lt;mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>&gt;&gt;&gt; wrote:<br>


     &gt;<br>


     &gt;     Hi,<br>


     &gt;<br>


     &gt;     When i access my app from<br>


    <a href="http://localhost:8080/customer-portal" target="_blank">http://localhost:8080/<u></u>customer-portal</a> and<br>


     &gt;     it was redirected to keycloak login page<br>


     &gt;     (<a href="https://192.168.1.10:8443/auth" target="_blank">https://192.168.1.10:8443/<u></u>auth</a>). After login is successful, the<br>


     &gt;     request is redirected back to<br>


    <a href="http://localhost:8080/customer-portal" target="_blank">http://localhost:8080/<u></u>customer-portal</a><br>


     &gt;     instead of <a href="http://localhost:9080/customer-portal" target="_blank">http://localhost:9080/<u></u>customer-portal</a>. Can someone<br>


    advise<br>


     &gt;     what&#39;s wrong with the settings?<br>


     &gt;<br>


     &gt;     keycloak proxy server hosted on localhost:8080<br>


     &gt;<br>


     &gt;     customer-portal application hosted on localhost:9080<br>


     &gt;<br>


     &gt;     proxy.json configuration shown below.<br>


     &gt;<br>


     &gt;     {<br>


     &gt;          &quot;target-url&quot;: &quot;<a href="http://localhost:8082" target="_blank">http://localhost:8082</a>&quot;,<br>


     &gt;          &quot;bind-address&quot;: &quot;localhost&quot;,<br>


     &gt;          &quot;http-port&quot;: &quot;8080&quot;,<br>


     &gt;          &quot;https-port&quot;: &quot;8443&quot;,<br>


     &gt;          &quot;keystore&quot;: &quot;classpath:ssl.jks&quot;,<br>


     &gt;          &quot;keystore-password&quot;: &quot;password&quot;,<br>


     &gt;          &quot;key-password&quot;: &quot;password&quot;,<br>


     &gt;          &quot;send-access-token&quot;: true,<br>


     &gt;          &quot;applications&quot;: [<br>


     &gt;              {<br>


     &gt;                  &quot;base-path&quot;: &quot;/customer-portal&quot;,<br>


     &gt;                  &quot;error-page&quot;: &quot;/error.html&quot;,<br>


     &gt;                  &quot;adapter-config&quot;: {<br>


     &gt;                      &quot;realm&quot;: &quot;demo&quot;,<br>


     &gt;                      &quot;resource&quot;: &quot;customer-portal&quot;,<br>


     &gt;                      &quot;realm-public-key&quot;:<br>


     &gt;<br>


      &quot;<u></u>MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD<u></u>CBiQKBgQCrVrCuTtArbgaZzL1hvh0x<u></u>tL5mc7o0NqPVnYXkLvgcwiC3BjLGw1<u></u>tGEGoJaXDuSaRllobm53JBhjx33UNv<u></u>+5z/<u></u>UMG4kytBWxheNVKnL6GgqlNabMaFfP<u></u>LPCF8kAgKnsi79NMo+<u></u>n6KnSY8YeUmec/<u></u>p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB<u></u>&quot;,<br>


     &gt;                      &quot;auth-server-url&quot;:<br>


    &quot;<a href="https://192.168.1.10:8443/auth" target="_blank">https://192.168.1.10:8443/<u></u>auth</a>&quot;,<br>


     &gt;                      &quot;ssl-required&quot; : &quot;external&quot;,<br>


     &gt;     &quot;enable-cors&quot; : true,<br>


     &gt;                      &quot;principal-attribute&quot;: &quot;KEYCLOAK_NAME&quot;,<br>


     &gt;                      &quot;credentials&quot;: {<br>


     &gt;                          &quot;secret&quot;: &quot;password&quot;<br>


     &gt;                      }<br>


     &gt;                  }<br>


     &gt;                  ,<br>


     &gt;                  &quot;constraints&quot;: [<br>


     &gt;                      {<br>


     &gt;                          &quot;pattern&quot;: &quot;/users/*&quot;,<br>


     &gt;                          &quot;roles-allowed&quot;: [<br>


     &gt;                              &quot;user&quot;<br>


     &gt;                          ]<br>


     &gt;                      },<br>


     &gt;        {<br>


     &gt;                          &quot;pattern&quot;: &quot;/*&quot;,<br>


     &gt;                          &quot;roles-allowed&quot;: [<br>


     &gt;                              &quot;user&quot;<br>


     &gt;                          ]<br>


     &gt;                      },<br>


     &gt;                      {<br>


     &gt;                          &quot;pattern&quot;: &quot;/call-bearer/*&quot;,<br>


     &gt;                          &quot;roles-allowed&quot;: [<br>


     &gt;                              &quot;user&quot;<br>


     &gt;                          ]<br>


     &gt;                      },<br>


     &gt;                      {<br>


     &gt;                          &quot;pattern&quot;: &quot;/bearer/*&quot;,<br>


     &gt;                          &quot;roles-allowed&quot;: [<br>


     &gt;                              &quot;user&quot;<br>


     &gt;                          ]<br>


     &gt;                      },<br>


     &gt;                      {<br>


     &gt;                          &quot;pattern&quot;: &quot;/admins/*&quot;,<br>


     &gt;                          &quot;roles-allowed&quot;: [<br>


     &gt;                              &quot;admin&quot;<br>


     &gt;                          ]<br>


     &gt;                      },<br>


     &gt;                      {<br>


     &gt;                          &quot;pattern&quot;: &quot;/users/permit&quot;,<br>


     &gt;                          &quot;permit&quot;: true<br>


     &gt;                      },<br>


     &gt;                      {<br>


     &gt;                          &quot;pattern&quot;: &quot;/users/deny&quot;,<br>


     &gt;                          &quot;deny&quot;: true<br>


     &gt;                      }<br>


     &gt;                  ]<br>


     &gt;              }<br>


     &gt;          ]<br>


     &gt;<br>


     &gt;<br>


     &gt;     }<br>


     &gt;<br>


     &gt;<br>


     &gt;<br>


     &gt; ______________________________<u></u>_________________<br>


     &gt; keycloak-user mailing list<br>


     &gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;<br>


     &gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>


     &gt;<br>


<br>


    --<br>


    Bill Burke<br>


    JBoss, a division of Red Hat<br>


    <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>


    ______________________________<u></u>_________________<br>


    keycloak-user mailing list<br>


    <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;<br>


    <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>


<br>


</blockquote>


<br>


-- <br>


Bill Burke<br>


JBoss, a division of Red Hat<br>


<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>


</blockquote></div>