<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

</head>

<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

Thanks for the config but had to make a few more changes for my setup.</div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

<br>

</div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

First problem was that the if there is a url instead of an IP as the keycloak server, it seemed to cause problems.</div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

Solution:</div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

Had to replace the nginx config setting:</div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

<span style="font-family: Calibri;">proxy_set_header Host $host;</span></div>

<div><font face="Menlo"><span style="font-family: Calibri;">W</span></font><span style="color: rgb(0, 0, 0); font-family: Calibri; font-size: 14px;">ith&nbsp;</span></div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

<span style="font-family: Calibri;">proxy_set_header Host [</span>auth-server-url<span style="font-family: Calibri;">&nbsp;in the keycloak.json file];</span></div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

<span style="font-family: Calibri;"><br>

</span></div>

<div>Second problem is that the keycloak/wildfly server kept using the nginx proxy’s IP in the session management.</div>

<div>Solution:</div>

<div>Need a combination of nginx settings and wildfly settings.</div>

<div>Nginx needs to insert the forwarded for headers</div>

<div><span style="font-family: Calibri; font-size: 14px;">proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span></div>

<div><font face="Menlo"><span style="font-family: Calibri;">Wildfly’s standalone/configuration/standalone.xml needs to read the forwarded for header with proxy-address-forwarding=“true&quot;</span></font></div>

<div><font face="Menlo"><span style="font-family: Calibri;">…</span></font></div>

<div>

<div>&lt;subsystem xmlns=&quot;urn:jboss:domain:undertow:2.0&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;buffer-cache name=&quot;default&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;server name=&quot;default-server&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;http-listener name=&quot;default&quot; socket-binding=&quot;http&quot; redirect-socket=&quot;https&quot; proxy-address-forwarding=&quot;true&quot; /&gt;</div>

</div>

<div>…</div>

<div>The second solution is sort of mentioned in the docs, but applicable to both http and https and the xml seems out of date.</div>

<div><br>

</div>

<div>—Doug</div>

<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

<span style="font-family: Menlo;"><br>

</span></div>

<span id="OLK_SRC_BODY_SECTION" style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">

<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">

<span style="font-weight:bold">From: </span>Scott Rossillo &lt;<a href="mailto:srossillo@smartling.com">srossillo@smartling.com</a>&gt;<br>

<span style="font-weight:bold">Date: </span>Thu, 24 Sep 2015 12:25:06 -0400<br>

<span style="font-weight:bold">To: </span>Kevin Thorpe &lt;<a href="mailto:kevin.thorpe@p-i.net">kevin.thorpe@p-i.net</a>&gt;<br>

<span style="font-weight:bold">Cc: </span>doug &lt;<a href="mailto:dszeto@investlab.com">dszeto@investlab.com</a>&gt;, keycloak-user &lt;<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br>

<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] Wrapping Keycloak under Nginx - redirect_uri problems<br>

</div>

<div><br>

</div>

<div>

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">

Here’s a working configuration with NGINX listening on 443 (https) and Keycloak / Wildfly on 8080 (http). Note the proxy_set_header calls. The rest of the config is just for completeness:

<div class=""><br class="">

</div>

<div class="">

<div class=""><font face="Menlo" class="">upstream keycloak {<br class="">

&nbsp; &nbsp;&nbsp;server localhost:8080;<br class="">

}</font></div>

<div class=""><font face="Menlo" class=""><br class="">

</font></div>

<div class=""><font face="Menlo" class="">server {</font></div>

<div class=""><font face="Menlo" class="">&nbsp; listen 443;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; server_name localhost;</font></div>

<div class=""><font face="Menlo" class=""><br class="">

</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl on;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl_certificate /etc/pki/tls/certs/server.crt;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl_certificate_key /etc/pki/tls/certs/server.key;</font></div>

<div class=""><font face="Menlo" class=""><br class="">

</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl_session_timeout 5m;</font></div>

<div class=""><font face="Menlo" class=""><br class="">

</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl_ciphers ALL:!ADH!EXPORT56:RC4&#43;RSA:&#43;HIGH:&#43;MEDIUM:&#43;LOW:&#43;SSLv2:&#43;EXP;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; ssl_prefer_server_ciphers on;</font></div>

<div class=""><font face="Menlo" class=""><br class="">

</font></div>

<div class=""><font face="Menlo" class="">&nbsp; location / {</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_pass http://</font><span style="font-family: Menlo;" class="">keycloak</span><font face="Menlo" class="">;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_http_version 1.1;</font></div>

<div class=""><font face="Menlo" class=""><br class="">

</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_set_header Connection &quot;&quot;;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_set_header Host $host;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_set_header X-Real-IP $remote_addr;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; &nbsp; proxy_set_header X-Forwarded-Proto https;</font></div>

<div class=""><font face="Menlo" class="">&nbsp; }</font></div>

<div class=""><font face="Menlo" class="">}</font></div>

</div>

<div class=""><br class="">

</div>

<div class=""><br class="">

<div apple-content-edited="true" class="">

<div class="">Scott Rossillo</div>

<div class="">Smartling | Senior Software Engineer</div>

<div class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div>

<div class=""><br class="">

</div>

<div class=""><br class="">

<span style="color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""></span>

<div id="watermark" style="box-sizing: border-box; color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class="">

<a href="http://www.sigstr.com/" style="box-sizing: border-box; color: rgb(0, 124, 194); text-decoration: none; background-color: transparent; outline: 0px !important;" class=""><img alt="Powered by Sigstr" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark" style="box-sizing: border-box; border: 0px; vertical-align: top; max-width: 100%; height: auto; width: inherit; color: rgb(99, 99, 99); font-family: Helvetica; font-size: 11px;" class=""></a></div>

</div>

</div>

<br class="">

<div>

<blockquote type="cite" class="">

<div class="">On Sep 24, 2015, at 5:13 AM, Kevin Thorpe &lt;<a href="mailto:kevin.thorpe@p-i.net" class="">kevin.thorpe@p-i.net</a>&gt; wrote:</div>

<br class="Apple-interchange-newline">

<div class="">

<div dir="ltr" class="">I got it working but as you've seen only if everyone contacts the Nginx IP. If the back end&nbsp;

<div class="">servers contact Keycloak directly then the validation fails because the token was issued&nbsp;</div>

<div class="">by 'a different server'.&nbsp;</div>

<div class=""><br class="">

</div>

<div class="">I want to do the same thing as well. I want the front-end of our application to authenticate</div>

<div class="">against the public address then all the back end servers running in Docker contact the&nbsp;</div>

<div class="">Keycloak docker container directly. The way I have it now I'm generating a lot of traffic&nbsp;</div>

<div class="">between the Docker (actually Rancher) LAN and the external LAN.</div>

<div class=""><br class="">

</div>

<div class="">I think we need a concept of service aliases so that a token issued by&nbsp;</div>

<div class="">https:my-public-name:443 would still be accepted by <a href="http://keycloak:8080/" class="">

http://keycloak:8080</a> (as long as it</div>

<div class="">was indeed issued by that server under a different alias)<br class="">

<div class=""><br class="">

</div>

<div class=""><br class="">

</div>

</div>

</div>

<div class="gmail_extra"><br clear="all" class="">

<div class="">

<div class="gmail_signature">

<div dir="ltr" class="">

<div class="">

<div dir="ltr" class="">

<div class=""><font class=""><b class="">Kevin Thorpe<br class="">

</b></font></div>

<div class="">CTO<br class="">

</div>

<div class=""><br class="">

</div>

<div class=""><a href="https://www.p-i.net/" target="_blank" class=""><span id="cid:part1.09070200.07040105@p-i.net">&lt;pi_icon.jpg&gt;</span></a>&nbsp; &nbsp;<a href="https://twitter.com/@PI_150" target="_blank" class=""><span id="cid:part3.05090201.04050806@p-i.net">&lt;twitter.jpg&gt;</span></a><br class="">

</div>

<div class=""><br class="">

</div>

<div class=""><a href="http://www.p-i.net/" target="_blank" class="">www.p-i.net</a>&nbsp;|&nbsp;<a href="https://twitter.com/@PI_150" target="_blank" class="">@PI_150</a><br class="">

</div>

<div class=""><span style="color:rgb(81,81,81)" class=""><br class="">

</span></div>

<div class=""><span style="color:rgb(81,81,81)" class="">M:&nbsp;<a value="&#43;447921676683" class="">&#43;44 (0)7425 160 368</a> | T:

<a value="&#43;442030056750" class="">&#43;44 (0)203 005 6750</a> | F:&nbsp;<a value="&#43;442077302635" class="">&#43;44(0)207 730 2635</a></span><br class="">

</div>

<div class=""><font color="#515151" class="">150 Buckingham Palace Road,&nbsp;</font><span style="color:rgb(81,81,81)" class="">London, SW1W 9TR, UK</span></div>

<div class=""><br class="">

<b class=""><span style="color:rgb(11,83,148)" class="">&nbsp; <img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo.jpg/81028530-5f84-4598-825b-f6465a83bae1?t=1416563040000" class="">

<img src="https://clients.p-i.net/documents/11003/1116416/ISO27001-2013.logo.jpeg/145aebe0-c393-49d7-8e1d-44c3c4d451dc?t=1416563040000" class="">

<img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo.jpeg/3925220d-bdad-40c3-b284-102c365c7b85?t=1416563040000" height="36" width="64" class=""><img src="https://clients.p-i.net/documents/11003/1116416/pci.png/773a04d4-f6ce-4b7a-8a22-818f518f0459?t=1421160152000" height="44" width="116" class=""></span></b></div>

<div class=""><font size="1" class="">_____________________________&nbsp;</font></div>

<p class=""><font size="1" class="">This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

 This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received

 this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</font></p>

<p class=""><b class="">&quot;<span style="color:rgb(11,83,148)" class=""><font class="">SAVE PAPER - THINK BEFORE YOU PRINT!</font></span>&quot;

</b></p>

</div>

</div>

</div>

</div>

</div>

<br class="">

<div class="gmail_quote">On 24 September 2015 at 02:38, Doug Szeto <span dir="ltr" class="">

&lt;<a href="mailto:DSzeto@investlab.com" target="_blank" class="">DSzeto@investlab.com</a>&gt;</span> wrote:<br class="">

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr" class="">

<div style="font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif;" class="">

<p class=""><br class="">

</p>

Did you ever get the correct settings?

<div class=""><br class="">

</div>

<div class="">When I put nginx in front of keycloak, it generates access&nbsp;tokens tied to the nginx server's IP instead of the browser's IP. This is apparent in the admin management pages when you look up the active sessions.

<div class=""><br class="">

</div>

<div class="">The problem I'm having is there is a resource server that accepts bearer only tokens. It uses a different server, and&nbsp;now fails the token validation check. Remove the nginx servers&nbsp;and things work fine.</div>

<div class=""><br class="">

</div>

<div class="">Any suggestions?</div>

<div class="">--Doug</div>

<div class=""><br class="">

</div>

<div class=""><br class="">

<div style="" class="">

<hr style="display:inline-block;width:98%" class="">

<div dir="ltr" class=""><font face="Calibri,sans-serif" style="font-size:11pt" class=""><b class="">From:</b>

<a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank" class="">keycloak-user-bounces@lists.jboss.org</a> &lt;<a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank" class="">keycloak-user-bounces@lists.jboss.org</a>&gt; on behalf of

 Kevin Thorpe &lt;<a href="mailto:kevin.thorpe@p-i.net" target="_blank" class="">kevin.thorpe@p-i.net</a>&gt;<br class="">

<b class="">Sent:</b> Friday, September 18, 2015 19:21<br class="">

<b class="">To:</b> <a href="mailto:stian@redhat.com" target="_blank" class="">stian@redhat.com</a><br class="">

<b class="">Cc:</b> keycloak-user<br class="">

<b class="">Subject:</b> Re: [keycloak-user] Wrapping Keycloak under Nginx - redirect_uri problems</font>

<div class="">&nbsp;</div>

</div>

<div class="">

<div class="h5">

<div class="">

<div dir="ltr" class="">oh I see. I was copying the style of config from the developer who set up the test

<div class="">Keycloak (assuming wrongly that he knew what he was doing). Setting it to the</div>

<div class="">actual site worked........ but now I have another problem :-(</div>

<div class=""><br class="">

</div>

<div class=""><br class="">

</div>

</div>

<div class="gmail_extra"><br clear="all" class="">

<div class="">

<div class="">

<div dir="ltr" class="">

<div class="">

<div dir="ltr" class="">

<div class=""><font class=""><b class="">Kevin Thorpe<br class="">

</b></font></div>

<div class="">CTO<br class="">

</div>

<div class=""><br class="">

</div>

<div class=""><a href="https://www.p-i.net/" target="_blank" class=""><img src="http://service.svc/s/GetFileAttachment?id=AAMkAGIxOTBjNDM0LTgxNDQtNDYxYi1iYzBmLWYwNDI0MTE5MmVjYwBGAAAAAAA%2F4bdKygj1QJSA616jntzABwAl%2FbE8zyj0T7dK0ot6a0ytAAAAAAEPAAAl%2FbE8zyj0T7dK0ot6a0ytAABm1lBtAAABEgAQAJlVflMenDVNqr8Xkk3dqvU%3D&amp;X-OWA-CANARY=vpd7MF4UF02fGXygyRPIMkDAkk5_xNIYUwzrL32mQChn_0lziostcsaRPWIzvSWhnfk5T2JGB5U." class=""></a>&nbsp;

 &nbsp;<a href="https://twitter.com/@PI_150" target="_blank" class=""><img src="http://service.svc/s/GetFileAttachment?id=AAMkAGIxOTBjNDM0LTgxNDQtNDYxYi1iYzBmLWYwNDI0MTE5MmVjYwBGAAAAAAA%2F4bdKygj1QJSA616jntzABwAl%2FbE8zyj0T7dK0ot6a0ytAAAAAAEPAAAl%2FbE8zyj0T7dK0ot6a0ytAABm1lBtAAABEgAQAGGp4TV86TdMgXrTPATB9VA%3D&amp;X-OWA-CANARY=vpd7MF4UF02fGXygyRPIMkDAkk5_xNIYUwzrL32mQChn_0lziostcsaRPWIzvSWhnfk5T2JGB5U." class=""></a><br class="">

</div>

<div class=""><br class="">

</div>

<div class=""><a href="http://www.p-i.net/" target="_blank" class="">www.p-i.net</a>&nbsp;|&nbsp;<a href="https://twitter.com/@PI_150" target="_blank" class="">@PI_150</a><br class="">

</div>

<div class=""><span style="color:rgb(81,81,81)" class=""><br class="">

</span></div>

<div class=""><span style="color:rgb(81,81,81)" class="">M:&nbsp;<a value="&#43;447921676683" class="">&#43;44 (0)7425 160 368</a> | T:

<a value="&#43;442030056750" class="">&#43;44 (0)203 005 6750</a> | F:&nbsp;<a value="&#43;442077302635" class="">&#43;44(0)207 730 2635</a></span><br class="">

</div>

<div class=""><font color="#515151" class="">150 Buckingham Palace Road,&nbsp;</font><span style="color:rgb(81,81,81)" class="">London, SW1W 9TR, UK</span></div>

<div class=""><br class="">

<b class=""><span style="color:rgb(11,83,148)" class="">&nbsp; <img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo.jpg/81028530-5f84-4598-825b-f6465a83bae1?t=1416563040000" class=""><img src="https://clients.p-i.net/documents/11003/1116416/ISO27001-2013.logo.jpeg/145aebe0-c393-49d7-8e1d-44c3c4d451dc?t=1416563040000" class=""><img height="36" width="64" src="https://clients.p-i.net/documents/11003/1116416/QMS.logo.jpeg/3925220d-bdad-40c3-b284-102c365c7b85?t=1416563040000" class=""><img height="44" width="116" src="https://clients.p-i.net/documents/11003/1116416/pci.png/773a04d4-f6ce-4b7a-8a22-818f518f0459?t=1421160152000" class=""></span></b></div>

<div class=""><font size="1" class="">_____________________________&nbsp;</font></div>

<p class=""><font size="1" class="">This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

 This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received

 this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</font></p>

<p class=""><b class="">&quot;<span style="color:rgb(11,83,148)" class=""><font class="">SAVE PAPER - THINK BEFORE YOU PRINT!</font></span>&quot;

</b></p>

</div>

</div>

</div>

</div>

</div>

<br class="">

<div class="gmail_quote">On 18 September 2015 at 11:59, Stian Thorgersen <span dir="ltr" class="">

&lt;<a href="mailto:sthorger@redhat.com" target="_blank" class="">sthorger@redhat.com</a>&gt;</span> wrote:<br class="">

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr" class="">The * can only be on the end of the valid redirect uri. So you need to specify '<a href="https://my-client.pibenchmark.com/*" target="_blank" class="">https://my-client.pibenchmark.com/*</a>' or simply '*'. The latter not being a good

 idea obviously.</div>

<div class="gmail_extra"><br class="">

<div class="gmail_quote">

<div class="">

<div class="">On 18 September 2015 at 12:42, Kevin Thorpe <span dir="ltr" class="">

&lt;<a href="mailto:kevin.thorpe@p-i.net" target="_blank" class="">kevin.thorpe@p-i.net</a>&gt;</span> wrote:<br class="">

</div>

</div>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div class="">

<div class="">

<div dir="ltr" class="">

<div class="">Hi, I'm trying to wrap Keycloak behind Nginx for a client and I can't work out how to</div>

<div class="">avoid the invalid parameter: redirect_uri problem.</div>

<div class=""><br class="">

</div>

<div class="">Website is <a href="https://my-client.pibenchmark.com/" target="_blank" class="">

https://my-client.pibenchmark.com</a></div>

<div class=""><br class="">

</div>

<div class="">In nginx:</div>

<div class="">location /auth {</div>

<div class="">&nbsp; &nbsp; proxy_pass <a href="https://auth-service/" target="_blank" class="">

https://auth-service</a>;</div>

<div class="">}</div>

<div class=""><br class="">

</div>

<div class="">upstream auth-service {</div>

<div class="">&nbsp; &nbsp; server my-keycloak:8443;</div>

<div class="">}</div>

<div class=""><br class="">

</div>

<div class="">Then in Keycloak I have valid redirect URIs set to <a href="https://*" class="">

https://*</a>.<a href="http://pibenchmark.com/*" target="_blank" class="">pibenchmark.com/*</a> ie my whole domain. Still getting invalid parameter: redirect_uri though.&nbsp;</div>

<div class=""><br class="">

</div>

<div class="">What am I doing wrong? Can I do this this way? I like to have one point of contact with the internet for security reasons.</div>

<span class=""><font color="#888888" class=""><br clear="all" class="">

<div class="">

<div class="">

<div dir="ltr" class="">

<div dir="ltr" class="">

<div class=""><font class=""><b class="">Kevin Thorpe<br class="">

</b></font></div>

<div class="">CTO, PI Limited</div>

</div>

</div>

</div>

</div>

</font></span></div>

<br class="">

</div>

</div>

_______________________________________________<br class="">

keycloak-user mailing list<br class="">

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank" class="">keycloak-user@lists.jboss.org</a><br class="">

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">

</blockquote>

</div>

<br class="">

</div>

</blockquote>

</div>

<br class="">

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<br class="">

_______________________________________________<br class="">

keycloak-user mailing list<br class="">

<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">

</blockquote>

</div>

<br class="">

</div>

_______________________________________________<br class="">

keycloak-user mailing list<br class="">

<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>

</blockquote>

</div>

<br class="">

</div>

</div>

</div>

</span>

</body>

</html>